cctv

Can a self storage facility legally record images inside a customer's locked storage unit? UK Self Storage Facilities CCTV rules explained 2026

Published on

Can a self storage facility legally record images inside a customer's locked storage unit? UK Self Storage Facilities CCTV rules explained 2026

Can a self storage facility legally record images inside a customer's locked storage unit?

Under current UK data protection law, the answer is generally no, and attempting to do so would almost certainly violate the Data Protection Act 2018 (DPA) and the UK GDPR. CCTV monitoring must be proportionate and must respect the expectation of privacy within a locked, private space. Footage collection should be limited to common areas, such as access roads, entry gates, and common hallways, to prevent theft and manage liability. Recording inside a unit would constitute monitoring a private residential or commercial space without the owner's consent or a clear legal basis, which is illegal. Any recording system must adhere to the 'purpose limitation' principle, meaning the data collected must only be used for the stated purpose (e.g., managing premises safety). Always ensure comprehensive and conspicuous signage is visible, detailing the exact scope of the surveillance and providing details on data subject rights.

More questions about Self Storage Facilities:

Must self storage facilities record CCTV footage for all hours of the day?

No, recording footage 24/7 is often disproportionate and excessive. Best practice dictates that surveillance should be targeted to high-risk times or specific areas (like entrances and exits) where the risk of theft or damage is highest. Reviewing the necessity of continuous recording should be part of your Data Protection Impact Assessment (DPIA). If the footage is not necessary for security or operational management, collecting it merely increases data storage costs and compliance risk.

How long must a UK self storage facility legally keep CCTV data footage?

There is no single statutory requirement, but the principle of data minimization applies. The Information Commissioner's Office (ICO) advises that footage should only be retained for the period absolutely necessary to meet the specific security purpose. For general theft investigations, a period of 30 days is commonly cited, but this must be reviewed against your site's specific risk profile. Once the data is no longer required for its stated purpose, it must be securely deleted or anonymised.

Yes, monitoring the public and customer behaviour in common areas is a standard and legal security measure, provided the system is implemented transparently. The CCTV must be clearly signposted, indicating that the area is under surveillance and outlining how data subjects can exercise their rights. However, the monitoring must be non-intrusive, meaning the cameras cannot focus on private conversations or behaviour that falls outside the reasonable scope of managing the premises.

What happens if the police request access to CCTV footage?

If law enforcement (such as the police) request access to your CCTV footage, you must comply promptly, but you also have the right to verify the request's legitimacy. The police must usually demonstrate a clear legal basis (such as an active criminal investigation) for requiring the data. It is highly recommended that you maintain a thorough record of all police requests and seek immediate legal advice before releasing any sensitive footage.

For free CCTV surveys, call: 07830 638 337

GitHub: https://github.com/gazpearce/gary-ai-assistant

Pillar Guide: https://cctvsystems.notion.site/35f5b433f5b581aa8f85cf07b4e17837

Gary Pearce | 07830 638 337 | https://github.com/gazpearce/gary-ai-assistant