CCTV Rules for Vacant Property Security (UK Guide)

UK law is clear: if your CCTV system captures people near a vacant site, you are a data controller under the UK GDPR and the Data Protection Act 2018. That means you must register with the ICO, display clear signage, manage how long you keep footage, and restrict how it’s shared.

This guide explains the key rules landlords, property managers, and developers need to follow; from retention periods to signage requirements so you can stay compliant, protect your property, and avoid costly mistakes.

Who Needs to Follow CCTV Laws in the UK?

If you are using CCTV to monitor a vacant commercial property, whether it is a shopfront, housing stock, industrial site, or development land, you're not just enhancing security, you are also becoming a data controller under UK law.

That means you re responsible for handling recorded footage in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This applies to:

• Landlords and estate owners

• Property managers and letting agents

• Housing associations and councils

• Developers and contractors

• Security firms acting on behalf of site owners

Even if the property is empty and no tenants or staff are present, the law still applies. Anyone passing by your site, a trespasser, a delivery driver, or a member of the public, may be captured on camera, which means you are handling personal data.

Failing to follow these rules could lead to penalties, reputational harm, or issues with insurance compliance which is why understanding your legal responsibilities is essential.

Do You Need to Register Your CCTV System with the ICO?

Yes, if you use CCTV to monitor a vacant property and the cameras capture identifiable individuals (e.g. members of the public, trespassers, delivery drivers), then your business is processing personal data under the UK GDPR and Data Protection Act 2018.

That means you are legally considered a data controller, and most data controllers are required to:

• Register with the Information Commissioner’s Office (ICO), and

• Pay an annual data protection fee

This applies to landlords, property managers, councils, and any business or sole trader using CCTV for security even if the site is empty.

Failure to register can result in enforcement action and fines, and it may undermine your credibility if a legal or insurance issue arises. The ICO maintains a public register of data controllers, which is searchable by anyone.

Signage Requirements on Vacant Sites

If you are using CCTV on a vacant property, you are legally required to inform people that they are being recorded. This isn’t just a courtesy it is a clear requirement under the UK GDPR and the Surveillance Camera Code of Practice.

What Does the Law Say?

You must display clear, visible signage that tells people:

• CCTV is in operation

• Who is responsible for the system (your company or the property owner)

• Why footage is being recorded (e.g. for security purposes)

• How people can contact you for more information (a phone number, website or email)

  
  

This applies even if:

• The building is unoccupied

• The cameras are only active at night

• The system is temporary (e.g. Sentinel PID Security tower)

Common Mistakes to Avoid:

• No signage at all particularly on rear or side access points

• Signs that are too small or hidden

• Failing to include contact details or purpose

Good signage not only keeps you compliant, it also acts as a visible deterrent sending a clear message to would be intruders that the property is actively monitored.

How Long Can You Keep Footage?

Under the UK GDPR, you can’t keep CCTV footage indefinitely. The law expects you to:

• Retain footage only as long as necessary (commonly 31 days).

• Keep footage longer only if there’s a valid reason:

  • Ongoing police investigation.

  • Insurance claim or legal dispute.

  • Documented pattern of suspicious activity.

• Record your justification for extended storage.

• Restrict access to authorised staff only.

• Securely delete or overwrite footage once no longer needed.

FAQ: How long can I legally keep CCTV footage?

Around 31 days is typical. You may keep it longer for legal or insurance reasons, but you must document why and delete it when no longer relevant.

When Can You Share CCTV Footage?

CCTV is a powerful tool for protecting vacant properties, but once you've recorded someone on camera, that footage becomes personal data. That means sharing it, even with the best intentions is strictly regulated under the UK GDPR and Data Protection Act 2018.

Sharing Footage on Social Media? Don’t.

You might be tempted to post footage online to warn others or identify intruders but unless you're a law enforcement agency, this is almost always a breach of data protection law.

Even if someone is caught trespassing, fly-tipping, or vandalising your property, you can’t share footage publicly unless:

• The individual cannot be identified, or

• You’ve received explicit legal advice or authorisation

In most cases, posting it on social media puts your business at legal risk not theirs.

How to Share CCTV Footage Responsibly

There are a few legitimate reasons to share cctv footage, such as:

• With the police, as part of an active investigation

• With your insurance provider, if a claim requires evidence

• With a solicitor, for legal proceedings

• Internally, among authorised staff responsible for security

In each case:

• Keep a record of why the footage is being shared

• Limit access to only those who need it

• Don’t share more footage than necessary (e.g. a 20-second clip vs. an hour-long video)

Best Practice Tip

Always include a note in your CCTV policy about how and when footage may be disclosed and make sure your staff (or clients, if you manage systems for them) understand the rules.

Using CCTV to Deter Trespassing and Vandalism

Vacant properties are easy targets. Once a site looks unoccupied, it can quickly attract the wrong kind of attention from opportunistic vandals to squatters or fly-tippers.

CCTV is one of the most effective tools for deterring unwanted activity. When combined with fencing, signage, and lighting, it shows that the site is being actively monitored.

How CCTV Helps Prevent Intrusion

• Real-time surveillance with alerts for movement or entry

• Remote monitoring allows for fast response

• Recorded footage supports investigations and claims

Criminals are far less likely to target properties where they know they’ll be seen.

Even a seemingly minor intrusion can lead to:

• Graffiti or broken windows

• Fire damage or illegal dumping

• Legal complications from squatting

That is why CCTV is a first line of defence for protecting assets.

Vacant properties are easy targets, see our guide: Preventing Burglary in 2025

Is CCTV Required for Insurance Compliance?

Not always but it’s often expected.

Most insurers have strict conditions for covering vacant properties. If you want full coverage or lower premiums, CCTV can play a big role.

What Insurers Expect

• Regular site checks

• Locking and boarding up access points

• Risk reduction measures like CCTV, signage, and security fencing

If you can't show reasonable efforts to protect the site, your claim may be denied.

CCTV as Risk Mitigation

A compliant CCTV setup:

• Demonstrates risk was managed

• Helps support and speed up claims

• May qualify you for lower premiums

Our clients regularly use Sentinel PID Pro towers to meet insurer expectations on difficult sites.

Conclusion

CCTV is one of the most effective ways to protect vacant properties but it is not just about installing a camera and walking away. You need to follow clear legal guidelines, stay compliant with data protection laws, and ensure your system meets the expectations of insurers, clients, and regulators.

As the controller responsible for your surveillance system you must ensure that personal data captured by the system is processed in accordance with Article 5 GDPR, which stipulates that personal data (CCTV Images) must be:

• Processed lawfully, fairly and transparently

• Collected for specific, explicit and legitimate purposes and not further processed for other purposes

• Adequate, relevant and limited to what is necessary

• Accurate and where necessary kept up to date

• Kept in a form that allows data subjects to be identified for no longer than is necessary

• Processed securely & disposed of properly

Need Help Securing a Vacant Property?

Whether it’s a retail unit, housing stock, or industrial land, Propertysec provides smart, effective solutions to secure your site quickly and professionally.

We conduct comprehensive Data Protection Impact Assessments (DPIA) when deploying surveillance technologies. help you meet legal obligations, insurance requirements, and site-specific risks with tailored systems from CCTV and steel screens to off-grid towers and signage.

Contact us at info@propertysec.co.uk Or visit: Propertysec website

Key Takeaways

• CCTV footage counts as personal data under UK GDPR.

• Register with the ICO if your system captures identifiable people.

• Display clear signage at all entrances, even if the site is vacant.

• Retain footage only as long as necessary (typically 31 days).

• Do not share footage publicly (e.g. on social media).

• Set camera angles carefully; mask or block areas outside your boundary.

Frequently Asked Questions (FAQ)

Can I share CCTV footage from my vacant property online?

No. Sharing footage on social media is usually a breach of data protection law unless individuals cannot be identified or you have legal permission.

How long can I legally keep CCTV footage?

Around 31 days is typical. You may keep footage longer for legal reasons, but you must document the justification and delete it when no longer needed.

Do I need signs if I’m using CCTV on an empty site?

Yes. You must display clear signage stating that CCTV is in use, who operates it, why, and how to contact them.

Does CCTV help with insurance for vacant properties?

Yes. CCTV can help fulfil your insurer’s conditions, support claims, and reduce premiums when combined with other risk measures.

Who is responsible for CCTV footage on an empty property?

The party installing and managing the system, typically the landlord or security provider is considered the data controller and is legally responsible.

Do I need to register my CCTV system with the ICO?

Yes. If your CCTV system captures images of identifiable individuals for security purposes, you’ll likely need to register as a data controller with the Information Commissioner’s Office (ICO) and pay a small annual fee. You can check if your business is already registered on the ICO public register.

Where can I point CCTV cameras on a commercial property?

CCTV cameras should focus on the area you’re securing. Avoid capturing public spaces or neighbouring buildings unless absolutely necessary. If this can’t be avoided, masking features and clear signage are essential, and you may need to conduct a Data Protection Impact Assessment (DPIA).

About the writer:

Justin Quigley, is a recognised security expert in the protection of property through the introduction and deployment of technical and non-technical security measures, including CCTV towers, video verification systems, fencing, perimeter protection technology, hostile vehicle barriers, alarms and analytical camera systems.

He is a prolific writer on the subject of crime prevention, security technology and void property security.