IoD CCTV Policy

1. CCTV Ownership

The Institute of Directors (IoD) operates a CCTV surveillance system (“the system”) throughout the IoD estate, with images monitored and recorded centrally. The CCTV cameras are situated at specific locations internally and externally on the IoD estate. The system is owned and managed by Art Security Solutions and operated by MITIE security.

The responsible manager is the Head of National Premises and Facilities.

2. Compliance

Images obtained from the system which include recognisable individuals constitute personal data as described in the General Data Protection Regulation (GDPR).

The IoD is the registered data controller under the terms of the GDPR. The Data Protection Officer (DPO) for the IoD is the individual responsible for assisting the IoD in monitoring internal compliance with the GDPR, whilst also informing and advising the Institute of its data protection obligations.

This policy has been written in accordance with the advisory guidance contained within the Information Commissioner’s CCTV Code of Practice and the Home Office Surveillance Camera Code of Practice.

3. Purpose of our CCTV System

The IoD’s registered purpose for processing personal data through use of the system is crime prevention and/or employee monitoring. This is further defined as:

“CCTV is used for maintaining public safety, the security of property and premises and for preventing and investigating crime. This information may be about employees, members, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance.

Where necessary or required this information will be shared with the data subjects themselves, employees and agents, services providers, police forces, court or tribunal, security organisations and persons making an enquiry.”

The operators of the system recognise the effect of such systems on the individual and the right to privacy.

Full details of the IoD’s data protection registration are available on the Information Commissioner’s Office website.

4. Description

The system is intended to produce images as clear as possible and appropriate for the purposes stated. The system is operated to provide when required, information and images of evidential value.

Cameras are located at strategic points throughout the IoD’s estate, principally at the perimeters, entrance, exit and side points of buildings and public and non-public collection spaces.

Signage is prominently placed at strategic points on the estate to inform employees, visitors, and members of the public that a CCTV installation is in use and includes contact details for further information.

5. Operation

Images captured by the system are recorded continuously and may be monitored in the IoD’s Security control room. Images displayed on monitors are not visible from outside the security control room and access to the security control room is strictly limited.

All security staff working in IoD premises are licensed by the Security Industry Authority and are fully aware of the sensitivity of handling CCTV images and recordings. The Head of National Premises and Facilities will ensure that authorised staff are fully briefed and trained in all aspects of the operational and administrative functions of the system.

6. Photo & Videos at IoD Events

Images may be captured during events organised, and/or hosted by the Institute of Directors (IoD) using film photography, digital photography, video, or other mediums. The IoD reserves the right to use the images captured in any brochures, booklets, videos, websites or other media and publicity material produced by the IoD.

The IoD informs all persons taking part in an IoD event that they may be photographed, filmed, videoed, or otherwise captured in image form.

Where possible and practical to do so, the IoD will seek written consent to image capture. However, where this is not possible for practical reasons, unless express objections are received, individuals attending an event are deemed to have given their consent by attending or remaining at the event.

7. Information retention

No images, videos or information shall be stored for longer than is required for the stated purpose. A daily audit is carried out to ensure that all images captured by the CCTV are deleted after 30 days or once their purpose has been discharged. Information used as a reference database for matching purposes will be accurate and kept up to date.

8. Access

All access to recorded images is recorded in the security control room daily log. Access to images is restricted to those who need to have access in accordance with this policy, the standard operating procedure and any governing legislation.

Disclosure of recorded material will only be made to third parties in accordance with the purposes of the system and in compliance with the GDPR.

Anyone who believes that they have been filmed by the system can request a copy of the recording, subject to any restrictions covered by the GDPR’s subject rights provisions. Data subjects also have the right to request that inaccurate data be corrected or erased and to seek redress for any damage caused. Procedures are in place to ensure all such access requests are dealt with effectively and within the law. Access requests should be addressed to the DPO and e-mailed to [email protected] or by letter to:

For the attention of the DPO at the Institute of Directors, 116 Pall Mall, London SW1Y 5ED.

9. Feedback

Members of the public should address any concerns or complaints over use of the Institute of Directors CCTV system to [email protected] or by post to the Institute of Directors at 116 Pall Mall, London SW1Y. 5ED for the attention of the DPO. IoD employees should address any enquiries or concerns relating to the system to their line manager in the first instance.

10. Policy review

For the avoidance of doubt all policies relating to GDPR and/or data protection (whether referred to on the Infonet, the IoD website or otherwise communicated to the IoD’s employees, members, or non- members) are not contractually binding on the IoD and may be withdrawn or amended at any time. They will be under ongoing review and will be replaced with the latest versions accordingly.

Internet Explorer
Your web browser is out of date and is not supported by the IoD website. It is important to update your browser for increased security and a better web experience.