top of page

CCTV Rules for Vacant Property Security (UK Guide)

  • Writer: Justin Myles MSc FSyI CPP PSP CSMP
    Justin Myles MSc FSyI CPP PSP CSMP
  • Feb 6, 2023
  • 8 min read

Updated: May 1

If you're responsible for securing a vacant building or site, using CCTV is one of the most effective ways to deter trespassing, vandalism, and theft. But it also comes with legal responsibilities — especially around how footage is collected, stored, and shared.


This guide is designed for landlords, property managers, developers, and contractors who operate CCTV on vacant commercial properties in the UK. We’ll break down the key rules around signage, data protection, and footage sharing — helping you stay compliant while keeping your property protected.

CCTV camera system in monitoring center
A CCTV camera monitoring multiple zones across a vacant property site — a critical tool for deterring intrusion, capturing evidence, and ensuring compliance with UK data protection laws.

Who Needs to Follow CCTV Laws in the UK?


If you're using CCTV to monitor a vacant commercial property — whether it's a shopfront, housing stock, industrial site, or development land, you're not just enhancing security, you're also becoming a data controller under UK law.


That means you’re responsible for handling recorded footage in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


This applies to:


  • Landlords and estate owners

  • Property managers and letting agents

  • Housing associations and councils

  • Developers and contractors

  • Security firms acting on behalf of site owners


Even if the property is empty and no tenants or staff are present, the law still applies. Anyone passing by your site — a trespasser, a delivery driver, or a member of the public — may be captured on camera, which means you’re handling personal data.


Failing to follow these rules could lead to penalties, reputational harm, or issues with insurance compliance — which is why understanding your legal responsibilities is essential.



Do You Need to Register Your CCTV System with the ICO?


Information Commissioner’s Office (ICO) logo – the UK regulator for data protection compliance
The ICO is the UK’s independent authority on data protection. If your CCTV system captures personal data, you may need to register with the ICO and appear on their public register

Yes — if you use CCTV to monitor a vacant property and the cameras capture identifiable individuals (e.g. members of the public, trespassers, delivery drivers), then your business is processing personal data under the UK GDPR and Data Protection Act 2018.


That means you are legally considered a data controller, and most data controllers are required to:


  • Register with the Information Commissioner’s Office (ICO), and

  • Pay an annual data protection fee


This applies to landlords, property managers, councils, and any business or sole trader using CCTV for security — even if the site is empty.


Failure to register can result in enforcement action and fines, and it may undermine your credibility if a legal or insurance issue arises. The ICO maintains a public register of data controllers, which is searchable by anyone.


You can find out more or register at: https://ico.org.uk/for-organisations/data-protection-fee/



Signage Requirements on Vacant Sites


CCTV surveillance warning sign fixed to a steel security fence at a vacant property, cautioning intruders that the site is actively monitored
Visible CCTV signage is more than a legal requirement, it is a clear deterrent. This warning sign on a secured vacant property fence alerts anyone approaching that the site is actively monitored and protected.

If you're using CCTV on a vacant property, you’re legally required to inform people that they’re being recorded. This isn’t just a courtesy — it’s a clear requirement under the UK GDPR and the Surveillance Camera Code of Practice.

 

What Does the Law Say?


You must display clear, visible signage that tells people:


  • CCTV is in operation

  • Who is responsible for the system (your company or the property owner)

  • Why footage is being recorded (e.g. for security purposes)

  • How people can contact you for more information (a phone number, website or email)


This applies even if:


  • The building is unoccupied

  • The cameras are only active at night

  • The system is temporary (e.g. mobile towers like our Sentinel units)

 

Common Mistakes to Avoid:


  • No signage at all — particularly on rear or side access points

  • Signs that are too small or hidden

  • Failing to include contact details or purpose


Good signage not only keeps you compliant, it also acts as a visible deterrent — sending a clear message to would-be intruders that the property is actively monitored.



How Long Can You Keep Footage?


There’s no one-size-fits-all answer — but if you’re using CCTV to secure a vacant property, you can’t just keep footage indefinitely.


Under the UK GDPR, you’re expected to:


  • Only retain footage for as long as it’s necessary

  • Have a clear reason for how long you store it

  • Delete or securely overwrite footage when it’s no longer needed


So What’s “Necessary”?


In most cases, 31 days is a widely accepted retention period — and it’s often recommended by the Information Commissioner’s Office (ICO). That said, you can keep footage longer if you have a valid reason, like:


  • A break-in, fly-tipping, or trespassing incident under investigation

  • A legal dispute or insurance claim

  • An ongoing pattern of suspicious activity at the site


Just make sure:


  • You document why it’s being kept

  • You restrict access to only those who need it

  • You securely delete the footage when it’s no longer relevant


Why It Matters


Keeping footage “just in case” without a clear purpose can land you in trouble — and may breach data protection laws.



When Can You Share CCTV Footage?


CCTV is a powerful tool for protecting vacant properties, but once you've recorded someone on camera, that footage becomes personal data. That means sharing it, even with the best intentions is strictly regulated under the UK GDPR and Data Protection Act 2018.


Sharing Footage on Social Media? Don’t.


You might be tempted to post footage online to warn others or identify intruders — but unless you're a law enforcement agency, this is almost always a breach of data protection law.


Even if someone is caught trespassing, fly-tipping, or vandalising your property, you can’t share footage publicly unless:


  • The individual cannot be identified, or

  • You’ve received explicit legal advice or authorisation


In most cases, posting it on social media puts your business at legal risk — not theirs.


How to Share CCTV Footage Responsibly


There are a few legitimate reasons to share cctv footage, such as:


  • With the police, as part of an active investigation

  • With your insurance provider, if a claim requires evidence

  • With a solicitor, for legal proceedings

  • Internally, among authorised staff responsible for security


In each case:


  • Keep a record of why the footage is being shared

  • Limit access to only those who need it

  • Don’t share more footage than necessary (e.g. a 20-second clip vs. an hour-long video)


Best Practice Tip


Always include a note in your CCTV policy about how and when footage may be disclosed and make sure your staff (or clients, if you manage systems for them) understand the rules.



Using CCTV to Deter Trespassing and Vandalism


teen caught in a cctv footage trespassing a vacant land

Vacant properties are easy targets. Once a site looks unoccupied, it can quickly attract the wrong kind of attention — from opportunistic vandals to squatters or fly-tippers.


CCTV is one of the most effective tools for deterring unwanted activity. When combined with fencing, signage, and lighting, it shows that the site is being actively monitored.


In the latest Commercial Victimisation Survey, published by the UK Home Office, an estimated 409,000 business premises in England and Wales were affected by crime — with burglary and vandalism among the most common offences.

How CCTV Helps Prevent Intrusion


  • Real-time surveillance with alerts for movement or entry

  • Remote monitoring allows for fast response

  • Recorded footage supports investigations and claims


Criminals are far less likely to target properties where they know they’ll be seen.


Even a seemingly minor intrusion can lead to:


  • Graffiti or broken windows

  • Fire damage or illegal dumping

  • Legal complications from squatting


That’s why CCTV is a first line of defence for protecting assets.



Is CCTV Required for Insurance Compliance?


Not always — but it’s often expected.


Most insurers have strict conditions for covering vacant properties. If you want full coverage or lower premiums, CCTV can play a big role.


What Insurers Expect



If you can't show reasonable efforts to protect the site, your claim may be denied.


CCTV as Risk Mitigation


A compliant CCTV setup:


  • Demonstrates risk was managed

  • Helps support and speed up claims

  • May qualify you for lower premiums


Our clients regularly use Sentinel PID Pro towers to meet insurer expectations on difficult sites.



Conclusion


CCTV is one of the most effective ways to protect vacant properties — but it’s not just about installing a camera and walking away. You need to follow clear legal guidelines, stay compliant with data protection laws, and ensure your system meets the expectations of insurers, clients, and regulators.


As the controller responsible for your surveillance system you must ensure that personal data captured by the system is processed in accordance with Article 5 GDPR, which stipulates that personal data (CCTV Images) must be: -


  • Processed lawfully, fairly and transparently

  • Collected for specific, explicit and legitimate purposes and not further processed for other purposes

  • Adequate, relevant and limited to what is necessary

  • Accurate and where necessary kept up to date

  • Kept in a form that allows data subjects to be identified for no longer than is necessary

  • Processed securely & disposed of properly

 


 Need Help Securing a Vacant Property?


Whether it’s a retail unit, housing stock, or industrial land, Propertysec provides smart, effective solutions to secure your site quickly and professionally.


We conduct comprehensive Data Protection Impact Assessments (DPIA) when deploying surveillance technologies. help you meet legal obligations, insurance requirements, and site-specific risks with tailored systems — from CCTV and steel screens to off-grid towers and signage.




Key Takeaways

 

  • CCTV footage = personal data under UK GDPR

  • You must register with the ICO if you're a data controller

  • Always use signage — even on vacant sites

  • Keep footage for no longer than necessary (usually 31 days)

  • Never share CCTV on social media

  • Position cameras carefully and consider masking



Frequently Asked Questions (FAQ)


Can I share CCTV footage from my vacant property online?


No. Sharing footage on social media is usually a breach of data protection law unless individuals cannot be identified or you have legal permission.


How long can I legally keep CCTV footage?


Around 31 days is typical. You may keep footage longer for legal reasons, but you must document the justification and delete it when no longer needed.


Do I need signs if I’m using CCTV on an empty site?


Yes. You must display clear signage stating that CCTV is in use, who operates it, why, and how to contact them.


Does CCTV help with insurance for vacant properties?


Yes. CCTV can help fulfil your insurer’s conditions, support claims, and reduce premiums when combined with other risk measures.


Who is responsible for CCTV footage on an empty property?


The party installing and managing the system — typically the landlord or security provider — is considered the data controller and is legally responsible.


Do I need to register my CCTV system with the ICO?


Yes. If your CCTV system captures images of identifiable individuals for security purposes, you’ll likely need to register as a data controller with the Information Commissioner’s Office (ICO) and pay a small annual fee. You can check if your business is already registered on the ICO public register.


Where can I point CCTV cameras on a commercial property?


CCTV cameras should focus on the area you’re securing. Avoid capturing public spaces or neighbouring buildings unless absolutely necessary. If this can’t be avoided, masking features and clear signage are essential, and you may need to conduct a Data Protection Impact Assessment (DPIA).


About the writer: Justin Quigley, is a recognised security expert in the protection of property through the introduction and deployment of technical and non-technical security measures, including CCTV towers, video verification systems, fencing, perimeter protection technology, hostile vehicle barriers, alarms and analytical camera systems.


He is a prolific writer on the subject of crime prevention, security technology and void property security.


 
 
 

3 Comments


onyxlock andkey
onyxlock andkey
Apr 30

In 2024, the UK has updated its CCTV Security Surveillance footage rules to emphasize transparency and data protection. Property owners, including businesses and individuals like a locksmith operating from home, must clearly display signs notifying the public of CCTV use. Footage must be securely stored and only kept as long as necessary. For locksmiths who install or monitor CCTV systems, understanding these legal obligations is essential to ensure compliance and protect clients' rights under current privacy regulations.

Like

Mike Modano
Mike Modano
Jan 28

When installing CCTV in a business, it's essential to follow legal guidelines regarding privacy and data protection. CCTV cameras should not infringe on areas where employees or customers have a reasonable expectation of privacy, such as restrooms or changing rooms. Additionally, businesses must inform staff and visitors that surveillance is in place. A key locksmith near me can assist in securing entry points to the business, ensuring that only authorized personnel can access the footage and maintain the system's security.


Like

Unknown member
Sep 13, 2023

ok so neighbour across the parking lot jamming my cctv camera which is pointing to my car in parking lot !! how to deal with such things?!??

Like
bottom of page