DUAA:2025 & CCTV Video Surveillance
DUAA Act 2025: What IT & Facilities Managers Need to Know About CCTV Compliance
The Data Use and Access Act (DUAA) 2025 introduces major updates to UK data protection laws, particularly affecting how organizations manage video surveillance and CCTV systems. For IT managers and facilities managers, these changes bring new responsibilities and opportunities to improve compliance and operational efficiency.
These updates are designed to simplify data access processes while maintaining high standards of privacy and transparency. Below, we break down the key changes and what they mean for your organization.
Reasonable and Proportionate Searches for DSARs
DUAA now requires organizations to conduct “reasonable and proportionate” searches when responding to Data Subject Access Requests (DSARs).
What This Means:
- No need to review hours of footage unless it’s reasonable to do so.
- Footage must be provided if an individual is identifiable.
Action Points:
- Implement smart search tools in CCTV systems.
- Train staff to assess what qualifies as a “reasonable” search.
For official guidance, visit the ICO’s CCTV and Video Surveillance Guidance.
“Stop the Clock” Provision
This new mechanism allows organizations to pause the DSAR response timeline while verifying identity or clarifying the scope of a request.
Why It Matters:
- Useful for handling complex video data across multiple cameras or locations.
Action Points:
- Update DSAR workflows to include verification and clarification steps.
- Document all pauses for transparency and compliance.
Video & Audio Explicitly Defined as Personal Data
DUAA confirms that video and audio recordings are considered personal data when individuals are identifiable.
Implications:
- Individuals can request access to footage where they appear.
- Secure storage, processing, and redaction are now mandatory.
Action Points:
- Use CCTV video surveillance systems with automated redaction features.
- Review and update data retention policies.
Rise in DSARs Involving Surveillance Footage
DUAA has led to a surge in DSARs involving video and audio data due to:
- Increased public awareness of privacy rights
- Widespread use of surveillance in schools, transport hubs, and workplaces
- Legal and HR disputes where video evidence is crucial
Action Points:
- Streamline video data access processes.
- Train teams to handle DSARs involving surveillance footage.
Operational Implications for CCTV Video Surveilence Systems
CCTV systems must now function as privacy-compliant data platforms.
Key Considerations:
- Can your system efficiently locate and redact footage?
- Is footage stored securely and for an appropriate duration?
- Are staff trained in handling DSARs involving video data?
Final Thoughts
The DUAA Act 2025 is a pivotal moment for organizations using video surveillance. For IT managers, it’s about ensuring systems are secure and efficient. For facilities managers, it’s about understanding the legal responsibilities tied to physical security infrastructure.
By aligning your policies, technologies, and teams with DUAA’s requirements, you’ll not only stay compliant—you’ll also build trust with employees, customers, and the public.
For Information on DUAA Compliant CCTV Video Surveillance systems speak to i Security’s experts Contact
For a full summary of the DUAA Act 2025, visit the UK Government’s official guidance.