How Long Is CCTV Footage Kept UK

CCTV systems are now an everyday part of life across the UK, from high streets and car parks to private homes and workplaces. They play an important role in deterring crime, improving safety, and providing valuable evidence when incidents occur. But with so much surveillance footage being recorded every day, a key question arises: how long is CCTV footage kept in the UK?

The answer depends on several factors, including the purpose of the CCTV, who owns it, and what type of system is being used. Generally speaking, most CCTV footage in the UK is kept for around 30 days before being deleted automatically. This timeframe aligns with guidance from the Information Commissioner’s Office (ICO) and ensures that recordings are held only for as long as necessary to serve their original purpose.

However, the rules are not one-size-fits-all. Different organisations, landlords, or homeowners may keep footage for shorter or longer periods depending on the circumstances. Understanding the legal and practical aspects of CCTV retention helps ensure compliance with UK data protection laws and builds public confidence in how surveillance is used.

The Legal Basis for CCTV Footage Retention

Under UK law, the handling and retention of CCTV footage fall within the scope of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws govern how personal data, including images and videos of identifiable individuals, should be collected, stored, and deleted.

If your CCTV captures images of people beyond your property boundary, such as neighbours, passers-by, or customers, you are considered a data controller under these regulations. This means you are responsible for deciding how long to keep footage and for ensuring it is securely deleted when no longer needed.

The ICO advises that CCTV recordings should not be kept for longer than necessary and that organisations should define a clear retention period in their privacy or CCTV policy. This period should be justifiable based on the purpose of the recording. For example, footage used for general security monitoring may be kept for 30 days, whereas footage relevant to an ongoing investigation may be retained for longer.

Homeowners using CCTV purely for domestic purposes, such as monitoring their own property, are generally exempt from these laws. However, if the cameras record areas outside the home, such as public footpaths or neighbouring gardens, they must comply with data protection rules in the same way as businesses.

Typical Retention Periods for CCTV Footage in the UK

In practice, most CCTV systems in the UK retain footage for about 30 days. This has become the standard duration for both commercial and residential use. It provides enough time to review incidents or respond to complaints without holding on to unnecessary personal data.

For smaller domestic systems, the retention period might be shorter, typically between 7 and 14 days, especially when using limited cloud storage. Many home security devices, such as Ring or Arlo cameras, automatically delete recordings after a set period depending on the subscription plan.

In contrast, larger organisations such as retailers, schools, or transport operators may keep footage for longer, particularly where there is a higher risk of crime or vandalism. However, even in these cases, the organisation must have a valid reason for retaining recordings beyond the 30-day guideline.

The key point is that retention should always be proportionate to the reason the footage was collected. Holding CCTV recordings indefinitely is not permitted under UK data protection law.

Why 30 Days Is the Standard Retention Period

The 30-day retention period is not a legal requirement but a widely accepted industry standard supported by the ICO. It provides a practical balance between maintaining security and protecting privacy.

In most cases, if an incident occurs, it will be discovered and reported within a month. Keeping footage for 30 days gives owners enough time to review the recordings, extract relevant clips, and provide them to the police or insurance companies if needed.

After this period, the likelihood of the footage being required diminishes significantly. Continuing to store recordings beyond this timeframe can be seen as excessive and unnecessary under UK GDPR principles.

Shorter retention periods are perfectly acceptable and even encouraged for smaller systems. The less personal data stored, the lower the risk of misuse or accidental breaches.

How CCTV Systems Automatically Manage Deletion

Modern CCTV systems are designed to delete or overwrite old footage automatically once the storage limit is reached or when the retention period expires. This process ensures that systems can continue recording without manual intervention.

Digital Video Recorders (DVRs) and Network Video Recorders (NVRs) usually work on a loop basis, where the newest footage replaces the oldest files when storage space is full. This is known as cyclic recording.

Cloud-based CCTV systems use a different approach. Instead of overwriting, they automatically delete recordings after a set number of days, depending on the storage plan. For example, some cloud services delete footage after 7, 14, or 30 days unless it is saved manually by the user.

Automatic deletion helps ensure compliance with data protection law by preventing the unnecessary accumulation of personal data. It also reduces the risk of data breaches by limiting how long potentially sensitive footage is stored.

Exceptions: When CCTV Footage May Be Kept Longer

There are situations where CCTV footage may be lawfully retained for longer than the standard 30 days. The most common reason is when footage is required as evidence in an investigation or legal matter.

For example, if a crime, accident, or workplace incident occurs, the relevant section of footage can be extracted and stored securely until the case is resolved. This ensures that evidence is preserved for the police, insurers, or solicitors.

In such cases, it is important to record the reason for extended retention and ensure that only relevant clips are kept. Once the investigation or legal process is complete, the footage must be securely deleted.

Businesses or local authorities may also retain footage longer in areas with persistent security problems or high levels of criminal activity. However, they must be able to demonstrate that extended retention is justified and proportionate.

CCTV Retention Policies for Businesses and Organisations

Any business or organisation that uses CCTV must have a clear written policy outlining how long footage is kept and how it will be deleted. This policy should form part of the organisation’s broader data protection or privacy procedures.

A good CCTV retention policy will specify the purpose of the surveillance, the standard retention period, how footage is stored, who has access, and how data will be deleted or archived when no longer required.

The ICO recommends that organisations regularly review their CCTV practices to ensure they remain proportionate and necessary. Routine audits should confirm that automatic deletion is working correctly and that no unnecessary data is retained.

Employees with access to CCTV footage should be trained in data protection principles to prevent misuse or unlawful sharing of recordings.

CCTV Footage Retention for Domestic Users

For UK homeowners using CCTV to monitor their own property, the same principles of necessity and proportionality apply, even if data protection law does not directly apply in all cases. Keeping footage for longer than needed can still create privacy concerns, especially if neighbours or passers-by are captured.

Most domestic systems, particularly those with cloud storage, handle deletion automatically. Footage is usually removed after 7 to 30 days depending on the device and plan. Homeowners can adjust these settings in the camera app or online portal to control how long recordings are kept.

If a significant event occurs, such as attempted theft or trespassing, homeowners can manually save the relevant footage to a separate file. Once it is no longer needed, the saved footage should be deleted to maintain privacy standards and free up storage space.

How to Comply with Data Protection Law

If your CCTV system captures footage of anyone outside your property, you must comply with UK GDPR and the Data Protection Act. This means you must explain why you are recording, store the footage securely, and delete it when it is no longer necessary.

You can display a clear sign informing people that CCTV is in use, keep recordings for a reasonable period (usually 30 days), and ensure automatic deletion settings are active. You must also provide access to any footage featuring individuals who request it, known as a subject access request.

Failing to delete footage in a timely manner could be considered a breach of data protection principles. If investigated by the ICO, individuals or organisations found to be storing excessive personal data can face warnings or fines.

What Happens When CCTV Footage Is Deleted

Once the retention period ends, CCTV systems automatically delete or overwrite old footage. For local storage, this means that data is replaced on the recorder’s hard drive. In cloud systems, the provider permanently removes files from its servers after the retention period expires.

Deleted CCTV footage is not typically recoverable unless it has been backed up or exported before deletion. Some forensic data recovery services may attempt to retrieve deleted footage from damaged hard drives, but this process is expensive and rarely successful.

For this reason, it is important to export and save any important clips before they are deleted automatically. This might include evidence of an incident or proof of delivery.

The Role of the Information Commissioner’s Office (ICO)

The ICO is the independent authority that oversees data protection and privacy compliance in the UK. It provides detailed guidance for individuals, businesses, and public bodies that operate CCTV systems.

The ICO’s advice emphasises that CCTV users should only retain footage for as long as necessary and delete it securely once the purpose has been fulfilled. Keeping footage indefinitely or without justification is likely to breach the law.

If you believe a business or organisation is holding on to footage longer than necessary, you can contact the ICO for advice or make a formal complaint. The ICO can investigate and, if appropriate, issue enforcement notices or fines.

How Long Public CCTV Systems Keep Footage

CCTV systems operated by public bodies such as councils, police forces, and transport authorities follow strict retention schedules. These systems usually keep footage for 30 days unless an incident occurs that requires footage to be preserved for investigation.

In high-security or counter-terrorism contexts, footage may be kept longer, but such retention must comply with additional regulations and oversight. Public bodies must document their retention policies and ensure they are transparent about how data is used and deleted.

Why Retention Length Matters

The question of how long CCTV footage is kept is not only about storage but also about accountability and trust. Recording and storing video of individuals constitutes the processing of personal data, which carries a responsibility to respect privacy rights.

By limiting retention to a reasonable period, CCTV users demonstrate that they are using surveillance proportionately. It also reduces the risk of accidental data breaches or misuse.

Furthermore, managing footage efficiently saves space and ensures that recording systems continue working without interruption. Allowing footage to accumulate indefinitely can overload storage and degrade system performance.

Frequently Asked Questions About CCTV Footage Retention

How long is CCTV footage kept in the UK?

In most cases, CCTV footage is kept for around 30 days before being deleted automatically.

Can CCTV footage be kept for longer than 30 days?

Yes, if the footage is required for investigation or evidence, it can be retained longer, but only for as long as necessary.

Do homeowners have to delete CCTV footage?

If the footage only covers their property, homeowners are exempt from legal retention rules, but deleting recordings regularly is still good practice.

Can deleted CCTV footage be recovered?

Once deleted or overwritten, footage is generally unrecoverable unless it has been exported or backed up.

Do businesses need a CCTV retention policy?

Yes, businesses and organisations must have a written policy that defines how long footage is kept and how it will be deleted.

Conclusion

In the UK, CCTV footage is typically kept for around 30 days before being deleted automatically. This period strikes a balance between maintaining security and protecting individual privacy. While there is no specific legal limit, the retention period must always be justifiable, proportionate, and aligned with data protection principles.

Whether you are a homeowner with a simple doorbell camera or a business with an extensive surveillance system, responsible management of CCTV footage is essential. Keeping recordings only as long as needed, securing them properly, and ensuring automatic deletion takes place will help you stay compliant with UK law and maintain trust among those your cameras may record.

By understanding how CCTV footage is stored, managed, and deleted, you can ensure that your system provides the security you need without compromising the privacy rights of others.