IoD CCTV Policy
- CCTV Ownership
The Institute of Directors (IoD) operates a CCTV surveillance system (“the system”) throughout the IoD estate, with images being monitored and recorded centrally. The CCTV cameras are situated at specific locations internally and externally on the IoD estate. The system is owned and managed by Art Security Solutions and operated by MITIE security.
The responsible manager is the Head of Facilities.
Images obtained from the system which include recognisable individuals constitute personal data and are covered by the General Data Protection Regulation (GDPR).
The IoD is the registered data controller under the terms of the GDPR. The Data Protection Officer (DPO) for the IoD is the individual responsible for assisting the IoD in monitoring internal compliance with the GDPR, whilst also informing and advising the Institute of its data protection obligations.
This policy has been drafted in accordance with the advisory guidance contained within the Information Commissioner’s CCTV Code of Practice and the Home Office Surveillance Camera Code of Practice.
- Purpose of our CCTV System
The IoD’s registered purpose for processing personal data through use of the system is crime prevention and/or staff monitoring. This is further defined as:
“CCTV is used for maintaining public safety, the security of property and premises and for preventing and investigating crime. This information may be about staff, members, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance.
Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, court or tribunal, security organisations and persons making an enquiry.”
The operators of the system recognise the effect of such systems on the individual and the right to privacy.
Full details of the IoD’s data protection registration are available on the Information Commissioner’s Office website.
The system is intended to produce images as clear as possible and appropriate for the purposes stated. The system is operated to provide when required, information and images of evidential value.
Cameras are located at strategic points throughout the IoD’s estate, principally at the perimeters, entrance and exit points of buildings and public and non-public collection spaces.
Signage is prominently placed at strategic points on the estate to inform staff, visitors and members of the public that a CCTV installation is in use and includes contact details for further information.
Images captured by the system are recorded continuously and may be monitored in the IoD’s Security control room. Images displayed on monitors are not visible from outside the security control room and access to the security control room is strictly limited.
All security staff working in IoD premises are licensed by the Security Industry Authority and are fully aware of the sensitivity of handling CCTV images and recordings. The Head of Facilities will ensure that authorised staff are fully briefed and trained in all aspects of the operational and administrative functions of the system.
- Photo & Videos at IoD Events
Images may be captured during events organised and/or hosted by the Institute of Directors (IoD) using film photography, digital photography, video or other mediums. The IoD reserves the right to use the images captured in any brochures, booklets, videos, websites or other media and publicity material produced by the IoD.
The IoD informs all persons taking part in an IoD event that they may be photographed, filmed, videoed or otherwise captured in image form.
Where possible and practical to do so, the IoD will seek written consent to image capture. However, where this is not possible for practical reasons, unless express objections are received, individuals attending an event are deemed to have given their consent by attending or remaining at the event.
- Information retention
No images, videos or information shall be stored for longer than is required for the stated purpose. A daily audit is carried out to ensure that all images captured by the CCTV are deleted after 30 days or once their purpose has been discharged. Information used as a reference database for matching purposes will be accurate and kept up to date.
All access to recorded images is recorded in the security control room daily log. Access to images is restricted to those who need to have access in accordance with this policy, the standard operating procedure and any governing legislation.
Disclosure of recorded material will only be made to third parties in accordance with the purposes of the system and in compliance with the GDPR.
Anyone who believes that they have been filmed by the system can request a copy of the recording, subject to any restrictions covered by the GDPR’s subject access request provisions. Data subjects also have the right to request that inaccurate data be corrected or erased and to seek redress for any damage caused. Procedures are in place to ensure all such access requests are dealt with effectively and within the law. Access requests should be addressed to the DPO and e-mailed to [email protected] or by letter to:
For the attention of the DPO at the Institute of Directors, 116 Pall Mall, London SW1Y 5ED.
Members of the public should address any concerns or complaints over use of the Institute of Directors CCTV system to [email protected] or by post to the Institute of Directors at 116 Pall Mall, London SW1Y 5ED for the attention of the DPO. IoD staff should address any enquiries or concerns relating to the system to their line manager in the first instance.
- Annual review
This policy was approved by the Data Protection Officer on 14 May 2018. It will be reviewed annually by the Data Protection Team to ensure its relevance and alignment with best practice.