Corporate CCTV Policy - March 2026

10. Storage and Retention

10.1. CCTV system footage is stored for 30 days and then overwritten. 

10.2. Access to CCTV footage will be kept secure in accordance with the Corporate CCTV Policy.

10.3. All footage will be stored securely in accordance with the Council's Corporate CCTV Policy.

10.4. Footage from smart doorbell cameras must be retained for no longer than 30 days unless required for investigation. All footage must be encrypted during storage and transmission. Access logs must be maintained for all interactions with smart doorbell footage, including viewing, copying, and deletion. 

10.5. Data Residency and International Transfers - All CCTV footage, including that captured by smart doorbell cameras, should be stored in data centres located within the United Kingdom or European Economic Area (EEA), or with cloud service providers who guarantee UK/EEA data residency and full compliance with UK GDPR. 
 
10.6. Where footage is stored or processed outside the UK/EEA, the Council must ensure that appropriate safeguards are in place, such as Standard Contractual Clauses, and that the rights and freedoms of data subjects are protected to the same standard as required by UK GDPR. 
 
10.7. The location of all CCTV data storage must be documented in the system register and reviewed as part of the Data Protection Impact Assessment (DPIA). 
 
10.8. All footage remains the property and copyright of the Council. 
 
10.9. All footage is time and date stamped. 
 
10.10. All media and CCTV devices will be confidentially disposed of when no longer needed following Council’s disposal procedure.  
 
10.11. Recorded material will not be sold or used for commercial purposes. 
 
10.12. Footage transferred from the CCTV recorder to the Council laptop via USB memory stick must be deleted from the USB once the transfer is completed. 
 
10.13.  For further information, please see the Council’s policy on Handling personal data.