CCTV Rules for Vacant Property Security (UK Guide)
- Justin Myles MSc FSyI CPP PSP CSMP
- Feb 6, 2023
- 8 min read
Updated: May 1
If you're responsible for securing a vacant building or site, using CCTV is one of the most effective ways to deter trespassing, vandalism, and theft. But it also comes with legal responsibilities — especially around how footage is collected, stored, and shared.
This guide is designed for landlords, property managers, developers, and contractors who operate CCTV on vacant commercial properties in the UK. We’ll break down the key rules around signage, data protection, and footage sharing — helping you stay compliant while keeping your property protected.

Who Needs to Follow CCTV Laws in the UK?
If you're using CCTV to monitor a vacant commercial property — whether it's a shopfront, housing stock, industrial site, or development land, you're not just enhancing security, you're also becoming a data controller under UK law.
That means you’re responsible for handling recorded footage in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This applies to:
Landlords and estate owners
Property managers and letting agents
Housing associations and councils
Developers and contractors
Security firms acting on behalf of site owners
Even if the property is empty and no tenants or staff are present, the law still applies. Anyone passing by your site — a trespasser, a delivery driver, or a member of the public — may be captured on camera, which means you’re handling personal data.
Failing to follow these rules could lead to penalties, reputational harm, or issues with insurance compliance — which is why understanding your legal responsibilities is essential.
Do You Need to Register Your CCTV System with the ICO?

Yes — if you use CCTV to monitor a vacant property and the cameras capture identifiable individuals (e.g. members of the public, trespassers, delivery drivers), then your business is processing personal data under the UK GDPR and Data Protection Act 2018.
That means you are legally considered a data controller, and most data controllers are required to:
Register with the Information Commissioner’s Office (ICO), and
Pay an annual data protection fee
This applies to landlords, property managers, councils, and any business or sole trader using CCTV for security — even if the site is empty.
Failure to register can result in enforcement action and fines, and it may undermine your credibility if a legal or insurance issue arises. The ICO maintains a public register of data controllers, which is searchable by anyone.
You can find out more or register at: https://ico.org.uk/for-organisations/data-protection-fee/
Signage Requirements on Vacant Sites

If you're using CCTV on a vacant property, you’re legally required to inform people that they’re being recorded. This isn’t just a courtesy — it’s a clear requirement under the UK GDPR and the Surveillance Camera Code of Practice.
What Does the Law Say?
You must display clear, visible signage that tells people:
CCTV is in operation
Who is responsible for the system (your company or the property owner)
Why footage is being recorded (e.g. for security purposes)
How people can contact you for more information (a phone number, website or email)
This applies even if:
The building is unoccupied
The cameras are only active at night
The system is temporary (e.g. mobile towers like our Sentinel units)
Common Mistakes to Avoid:
No signage at all — particularly on rear or side access points
Signs that are too small or hidden
Failing to include contact details or purpose
Good signage not only keeps you compliant, it also acts as a visible deterrent — sending a clear message to would-be intruders that the property is actively monitored.
How Long Can You Keep Footage?
There’s no one-size-fits-all answer — but if you’re using CCTV to secure a vacant property, you can’t just keep footage indefinitely.
Under the UK GDPR, you’re expected to:
Only retain footage for as long as it’s necessary
Have a clear reason for how long you store it
Delete or securely overwrite footage when it’s no longer needed
So What’s “Necessary”?
In most cases, 31 days is a widely accepted retention period — and it’s often recommended by the Information Commissioner’s Office (ICO). That said, you can keep footage longer if you have a valid reason, like:
A break-in, fly-tipping, or trespassing incident under investigation
A legal dispute or insurance claim
An ongoing pattern of suspicious activity at the site
Just make sure:
You document why it’s being kept
You restrict access to only those who need it
You securely delete the footage when it’s no longer relevant
Why It Matters
Keeping footage “just in case” without a clear purpose can land you in trouble — and may breach data protection laws.
When Can You Share CCTV Footage?
CCTV is a powerful tool for protecting vacant properties, but once you've recorded someone on camera, that footage becomes personal data. That means sharing it, even with the best intentions is strictly regulated under the UK GDPR and Data Protection Act 2018.
Sharing Footage on Social Media? Don’t.
You might be tempted to post footage online to warn others or identify intruders — but unless you're a law enforcement agency, this is almost always a breach of data protection law.
Even if someone is caught trespassing, fly-tipping, or vandalising your property, you can’t share footage publicly unless:
The individual cannot be identified, or
You’ve received explicit legal advice or authorisation
In most cases, posting it on social media puts your business at legal risk — not theirs.
How to Share CCTV Footage Responsibly
There are a few legitimate reasons to share cctv footage, such as:
With the police, as part of an active investigation
With your insurance provider, if a claim requires evidence
With a solicitor, for legal proceedings
Internally, among authorised staff responsible for security
In each case:
Keep a record of why the footage is being shared
Limit access to only those who need it
Don’t share more footage than necessary (e.g. a 20-second clip vs. an hour-long video)
Best Practice Tip
Always include a note in your CCTV policy about how and when footage may be disclosed and make sure your staff (or clients, if you manage systems for them) understand the rules.
Using CCTV to Deter Trespassing and Vandalism

Vacant properties are easy targets. Once a site looks unoccupied, it can quickly attract the wrong kind of attention — from opportunistic vandals to squatters or fly-tippers.
CCTV is one of the most effective tools for deterring unwanted activity. When combined with fencing, signage, and lighting, it shows that the site is being actively monitored.
In the latest Commercial Victimisation Survey, published by the UK Home Office, an estimated 409,000 business premises in England and Wales were affected by crime — with burglary and vandalism among the most common offences.
How CCTV Helps Prevent Intrusion
Real-time surveillance with alerts for movement or entry
Remote monitoring allows for fast response
Recorded footage supports investigations and claims
Criminals are far less likely to target properties where they know they’ll be seen.
Even a seemingly minor intrusion can lead to:
Graffiti or broken windows
Fire damage or illegal dumping
Legal complications from squatting
That’s why CCTV is a first line of defence for protecting assets.
Is CCTV Required for Insurance Compliance?
Not always — but it’s often expected.
Most insurers have strict conditions for covering vacant properties. If you want full coverage or lower premiums, CCTV can play a big role.
What Insurers Expect
Regular site checks
Locking and boarding up access points
Risk reduction measures like CCTV, signage, and security fencing
If you can't show reasonable efforts to protect the site, your claim may be denied.
CCTV as Risk Mitigation
A compliant CCTV setup:
Demonstrates risk was managed
Helps support and speed up claims
May qualify you for lower premiums
Our clients regularly use Sentinel PID Pro towers to meet insurer expectations on difficult sites.
Conclusion
CCTV is one of the most effective ways to protect vacant properties — but it’s not just about installing a camera and walking away. You need to follow clear legal guidelines, stay compliant with data protection laws, and ensure your system meets the expectations of insurers, clients, and regulators.
As the controller responsible for your surveillance system you must ensure that personal data captured by the system is processed in accordance with Article 5 GDPR, which stipulates that personal data (CCTV Images) must be: -
Processed lawfully, fairly and transparently
Collected for specific, explicit and legitimate purposes and not further processed for other purposes
Adequate, relevant and limited to what is necessary
Accurate and where necessary kept up to date
Kept in a form that allows data subjects to be identified for no longer than is necessary
Processed securely & disposed of properly
Need Help Securing a Vacant Property?
Whether it’s a retail unit, housing stock, or industrial land, Propertysec provides smart, effective solutions to secure your site quickly and professionally.
We conduct comprehensive Data Protection Impact Assessments (DPIA) when deploying surveillance technologies. help you meet legal obligations, insurance requirements, and site-specific risks with tailored systems — from CCTV and steel screens to off-grid towers and signage.
Contact us at info@propertysec.co.uk Or visit: www.propertysec.co.uk
Key Takeaways
CCTV footage = personal data under UK GDPR
You must register with the ICO if you're a data controller
Always use signage — even on vacant sites
Keep footage for no longer than necessary (usually 31 days)
Never share CCTV on social media
Position cameras carefully and consider masking
Frequently Asked Questions (FAQ)
Can I share CCTV footage from my vacant property online?
No. Sharing footage on social media is usually a breach of data protection law unless individuals cannot be identified or you have legal permission.
How long can I legally keep CCTV footage?
Around 31 days is typical. You may keep footage longer for legal reasons, but you must document the justification and delete it when no longer needed.
Do I need signs if I’m using CCTV on an empty site?
Yes. You must display clear signage stating that CCTV is in use, who operates it, why, and how to contact them.
Does CCTV help with insurance for vacant properties?
Yes. CCTV can help fulfil your insurer’s conditions, support claims, and reduce premiums when combined with other risk measures.
Who is responsible for CCTV footage on an empty property?
The party installing and managing the system — typically the landlord or security provider — is considered the data controller and is legally responsible.
Do I need to register my CCTV system with the ICO?
Yes. If your CCTV system captures images of identifiable individuals for security purposes, you’ll likely need to register as a data controller with the Information Commissioner’s Office (ICO) and pay a small annual fee. You can check if your business is already registered on the ICO public register.
Where can I point CCTV cameras on a commercial property?
CCTV cameras should focus on the area you’re securing. Avoid capturing public spaces or neighbouring buildings unless absolutely necessary. If this can’t be avoided, masking features and clear signage are essential, and you may need to conduct a Data Protection Impact Assessment (DPIA).
About the writer: Justin Quigley, is a recognised security expert in the protection of property through the introduction and deployment of technical and non-technical security measures, including CCTV towers, video verification systems, fencing, perimeter protection technology, hostile vehicle barriers, alarms and analytical camera systems.
He is a prolific writer on the subject of crime prevention, security technology and void property security.
In 2024, the UK has updated its CCTV Security Surveillance footage rules to emphasize transparency and data protection. Property owners, including businesses and individuals like a locksmith operating from home, must clearly display signs notifying the public of CCTV use. Footage must be securely stored and only kept as long as necessary. For locksmiths who install or monitor CCTV systems, understanding these legal obligations is essential to ensure compliance and protect clients' rights under current privacy regulations.
When installing CCTV in a business, it's essential to follow legal guidelines regarding privacy and data protection. CCTV cameras should not infringe on areas where employees or customers have a reasonable expectation of privacy, such as restrooms or changing rooms. Additionally, businesses must inform staff and visitors that surveillance is in place. A key locksmith near me can assist in securing entry points to the business, ensuring that only authorized personnel can access the footage and maintain the system's security.
ok so neighbour across the parking lot jamming my cctv camera which is pointing to my car in parking lot !! how to deal with such things?!??