GDPR & Security: What You Need to Know
CCTV, visitor logs and incident reports are all personal data. Here’s how a compliant security provider should handle them.
Security and data protection are often treated as separate concerns. They aren't. CCTV footage, visitor logs, access records and incident reports are all personal data under UK GDPR — and how your provider handles them is your responsibility too.
The basics your provider should get right
- Lawful basis: a clear reason for every category of data collected
- Retention limits: footage and logs kept only as long as needed
- Security: encrypted storage, access controls, data held in the UK
- Breach response: a plan to notify within 72 hours if required
What good looks like
Documented retention periods, signed data-processing terms, trained staff, and a privacy policy you can actually read. We publish ours — see our Privacy Policy.
Security done properly is data protection done properly.