CCTV & Surveillance Under DPDP
Liability Check
Your CCTV cameras aren't just watching; they're actively collecting personal data of employees, visitors, and customers. Without a clear legal basis and proper notice, every minute of footage could be a DPDP violation, risking penalties up to ₹250 Crore.
Why CCTV & Surveillance Under DPDP is at Risk
Whether you're securing a manufacturing plant in Pune, a retail chain in Delhi, or an office space in Chennai, your surveillance systems capture **identifiable data** like facial features and movement patterns. The DPDP Act mandates strict compliance: you must provide clear **notice** (e.g., prominent signage) about surveillance, state the specific **purpose** for data collection (e.g., security, fraud prevention, not general employee monitoring), and ensure **data minimization**. Indefinite storage or unwarranted access to this footage can lead to severe liability for **data breach** and non-compliance.
Common Violations
- 1.Operating CCTV without clear, conspicuous signage informing individuals of surveillance and its purpose.
- 2.Recording audio via CCTV without explicit consent or a lawful basis, going beyond the stated security purpose.
- 3.Indefinite retention of surveillance footage, or storing it in unencrypted, easily accessible formats without proper access controls.
The Immediate Fix
Install prominent, multilingual signage at all entry points and within CCTV-monitored areas, clearly stating that surveillance is active, the **purpose** for recording, and who to contact. Implement a strict data retention policy for footage, ensuring deletion once its stated purpose is fulfilled, and secure storage.
Projected Compliance Deadline: Immediate