DPDP Compliance for CCTV & Surveillance Data
Liability Check
Your CCTV footage isn't just security footage – it's personal data under the DPDP Act. Mismanage it, and face massive fines for unlawful processing.
Why DPDP Compliance for CCTV & Surveillance Data is at Risk
Every frame captured by your CCTV cameras, whether at a tech park entrance, a retail store aisle, or inside your office, contains **personal data** if individuals can be identified. The DPDP Act mandates strict controls over this data, requiring a **legitimate purpose** for collection and clear notice to individuals. You can't just record indiscriminately; you need defined policies for how long footage is kept, who can access it, and for what explicit reasons. Without proper protocols, this ubiquitous surveillance system becomes a massive compliance headache, exposing you to **penalties for unlawful processing**.
Common Violations
- 1.Installing CCTV cameras in office common areas or retail spaces without **prominently displayed notices** informing individuals about data collection, purpose, and contact details.
- 2.Retaining CCTV footage for months or years **beyond the stated purpose** (e.g., security incident investigation) without a clear, documented retention policy.
- 3.Failing to implement **access controls** for CCTV recordings, allowing unauthorized personnel to view or download sensitive footage, or sharing it externally without a legal basis.
The Immediate Fix
Immediately audit all CCTV locations in your premises (e.g., Bangalore's Electronic City offices, Mumbai's corporate hubs). Ensure visible signage is placed at every entry point and within monitored areas, clearly stating that surveillance is active, the purpose (e.g., security), and contact details for data subjects. Draft a basic CCTV data policy outlining purpose, retention periods, and access controls today.
Projected Compliance Deadline: Immediate