CCTV Rules for Vacant Property Security (UK Guide)

If you're responsible for securing a vacant building or site, using CCTV is one of the most effective ways to deter trespassing, vandalism, and theft. But it also comes with legal responsibilities — especially around how footage is collected, stored, and shared.

This guide is designed for landlords, property managers, developers, and contractors who operate CCTV on vacant commercial properties in the UK. We’ll break down the key rules around signage, data protection, and footage sharing — helping you stay compliant while keeping your property protected.

Who Needs to Follow CCTV Laws in the UK?

If you're using CCTV to monitor a vacant commercial property — whether it's a shopfront, housing stock, industrial site, or development land, you're not just enhancing security, you're also becoming a data controller under UK law.

That means you’re responsible for handling recorded footage in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This applies to:

• Landlords and estate owners

• Property managers and letting agents

• Housing associations and councils

• Developers and contractors

• Security firms acting on behalf of site owners

Even if the property is empty and no tenants or staff are present, the law still applies. Anyone passing by your site — a trespasser, a delivery driver, or a member of the public — may be captured on camera, which means you’re handling personal data.

Failing to follow these rules could lead to penalties, reputational harm, or issues with insurance compliance — which is why understanding your legal responsibilities is essential.

Do You Need to Register Your CCTV System with the ICO?

Yes — if you use CCTV to monitor a vacant property and the cameras capture identifiable individuals (e.g. members of the public, trespassers, delivery drivers), then your business is processing personal data under the UK GDPR and Data Protection Act 2018.

That means you are legally considered a data controller, and most data controllers are required to:

• Register with the Information Commissioner’s Office (ICO), and

• Pay an annual data protection fee

This applies to landlords, property managers, councils, and any business or sole trader using CCTV for security — even if the site is empty.

Failure to register can result in enforcement action and fines, and it may undermine your credibility if a legal or insurance issue arises. The ICO maintains a public register of data controllers, which is searchable by anyone.

You can find out more or register at: https://ico.org.uk/for-organisations/data-protection-fee/

Signage Requirements on Vacant Sites

If you're using CCTV on a vacant property, you’re legally required to inform people that they’re being recorded. This isn’t just a courtesy — it’s a clear requirement under the UK GDPR and the Surveillance Camera Code of Practice.

What Does the Law Say?

You must display clear, visible signage that tells people:

• CCTV is in operation

• Who is responsible for the system (your company or the property owner)

• Why footage is being recorded (e.g. for security purposes)

• How people can contact you for more information (a phone number, website or email)

  
  

This applies even if:

• The building is unoccupied

• The cameras are only active at night

• The system is temporary (e.g. mobile towers like our Sentinel units)

Common Mistakes to Avoid:

• No signage at all — particularly on rear or side access points

• Signs that are too small or hidden

• Failing to include contact details or purpose

Good signage not only keeps you compliant, it also acts as a visible deterrent — sending a clear message to would-be intruders that the property is actively monitored.

How Long Can You Keep Footage?

There’s no one-size-fits-all answer — but if you’re using CCTV to secure a vacant property, you can’t just keep footage indefinitely.

Under the UK GDPR, you’re expected to:

• Only retain footage for as long as it’s necessary

• Have a clear reason for how long you store it

• Delete or securely overwrite footage when it’s no longer needed

So What’s “Necessary”?

In most cases, 31 days is a widely accepted retention period — and it’s often recommended by the Information Commissioner’s Office (ICO). That said, you can keep footage longer if you have a valid reason, like:

• A break-in, fly-tipping, or trespassing incident under investigation

• A legal dispute or insurance claim

• An ongoing pattern of suspicious activity at the site

Just make sure:

• You document why it’s being kept

• You restrict access to only those who need it

• You securely delete the footage when it’s no longer relevant

Why It Matters

Keeping footage “just in case” without a clear purpose can land you in trouble — and may breach data protection laws.

When Can You Share CCTV Footage?

CCTV is a powerful tool for protecting vacant properties, but once you've recorded someone on camera, that footage becomes personal data. That means sharing it, even with the best intentions is strictly regulated under the UK GDPR and Data Protection Act 2018.

Sharing Footage on Social Media? Don’t.

You might be tempted to post footage online to warn others or identify intruders — but unless you're a law enforcement agency, this is almost always a breach of data protection law.

Even if someone is caught trespassing, fly-tipping, or vandalising your property, you can’t share footage publicly unless:

• The individual cannot be identified, or

• You’ve received explicit legal advice or authorisation

In most cases, posting it on social media puts your business at legal risk — not theirs.

How to Share CCTV Footage Responsibly

There are a few legitimate reasons to share cctv footage, such as:

• With the police, as part of an active investigation

• With your insurance provider, if a claim requires evidence

• With a solicitor, for legal proceedings

• Internally, among authorised staff responsible for security

In each case:

• Keep a record of why the footage is being shared

• Limit access to only those who need it

• Don’t share more footage than necessary (e.g. a 20-second clip vs. an hour-long video)

Best Practice Tip

Always include a note in your CCTV policy about how and when footage may be disclosed and make sure your staff (or clients, if you manage systems for them) understand the rules.

Using CCTV to Deter Trespassing and Vandalism

Vacant properties are easy targets. Once a site looks unoccupied, it can quickly attract the wrong kind of attention — from opportunistic vandals to squatters or fly-tippers.

CCTV is one of the most effective tools for deterring unwanted activity. When combined with fencing, signage, and lighting, it shows that the site is being actively monitored.

How CCTV Helps Prevent Intrusion

• Real-time surveillance with alerts for movement or entry

• Remote monitoring allows for fast response

• Recorded footage supports investigations and claims

Criminals are far less likely to target properties where they know they’ll be seen.

Even a seemingly minor intrusion can lead to:

• Graffiti or broken windows

• Fire damage or illegal dumping

• Legal complications from squatting

That’s why CCTV is a first line of defence for protecting assets.

Is CCTV Required for Insurance Compliance?

Not always — but it’s often expected.

Most insurers have strict conditions for covering vacant properties. If you want full coverage or lower premiums, CCTV can play a big role.

What Insurers Expect

• Regular site checks

• Locking and boarding up access points

• Risk reduction measures like CCTV, signage, and security fencing

If you can't show reasonable efforts to protect the site, your claim may be denied.

CCTV as Risk Mitigation

A compliant CCTV setup:

• Demonstrates risk was managed

• Helps support and speed up claims

• May qualify you for lower premiums

Our clients regularly use Sentinel PID Pro towers to meet insurer expectations on difficult sites.

Conclusion

CCTV is one of the most effective ways to protect vacant properties — but it’s not just about installing a camera and walking away. You need to follow clear legal guidelines, stay compliant with data protection laws, and ensure your system meets the expectations of insurers, clients, and regulators.

As the controller responsible for your surveillance system you must ensure that personal data captured by the system is processed in accordance with Article 5 GDPR, which stipulates that personal data (CCTV Images) must be: -

• Processed lawfully, fairly and transparently

• Collected for specific, explicit and legitimate purposes and not further processed for other purposes

• Adequate, relevant and limited to what is necessary

• Accurate and where necessary kept up to date

• Kept in a form that allows data subjects to be identified for no longer than is necessary

• Processed securely & disposed of properly

 Need Help Securing a Vacant Property?

Whether it’s a retail unit, housing stock, or industrial land, Propertysec provides smart, effective solutions to secure your site quickly and professionally.

We conduct comprehensive Data Protection Impact Assessments (DPIA) when deploying surveillance technologies. help you meet legal obligations, insurance requirements, and site-specific risks with tailored systems — from CCTV and steel screens to off-grid towers and signage.

Contact us at info@propertysec.co.uk Or visit: www.propertysec.co.uk

Key Takeaways

• CCTV footage = personal data under UK GDPR

• You must register with the ICO if you're a data controller

• Always use signage — even on vacant sites

• Keep footage for no longer than necessary (usually 31 days)

• Never share CCTV on social media

• Position cameras carefully and consider masking

Frequently Asked Questions (FAQ)

Can I share CCTV footage from my vacant property online?

No. Sharing footage on social media is usually a breach of data protection law unless individuals cannot be identified or you have legal permission.

How long can I legally keep CCTV footage?

Around 31 days is typical. You may keep footage longer for legal reasons, but you must document the justification and delete it when no longer needed.

Do I need signs if I’m using CCTV on an empty site?

Yes. You must display clear signage stating that CCTV is in use, who operates it, why, and how to contact them.

Does CCTV help with insurance for vacant properties?

Yes. CCTV can help fulfil your insurer’s conditions, support claims, and reduce premiums when combined with other risk measures.

Who is responsible for CCTV footage on an empty property?

The party installing and managing the system — typically the landlord or security provider — is considered the data controller and is legally responsible.

Do I need to register my CCTV system with the ICO?

Yes. If your CCTV system captures images of identifiable individuals for security purposes, you’ll likely need to register as a data controller with the Information Commissioner’s Office (ICO) and pay a small annual fee. You can check if your business is already registered on the ICO public register.

Where can I point CCTV cameras on a commercial property?

CCTV cameras should focus on the area you’re securing. Avoid capturing public spaces or neighbouring buildings unless absolutely necessary. If this can’t be avoided, masking features and clear signage are essential, and you may need to conduct a Data Protection Impact Assessment (DPIA).

About the writer: Justin Quigley, is a recognised security expert in the protection of property through the introduction and deployment of technical and non-technical security measures, including CCTV towers, video verification systems, fencing, perimeter protection technology, hostile vehicle barriers, alarms and analytical camera systems.

He is a prolific writer on the subject of crime prevention, security technology and void property security.

Linkedin