Do schools legally need a CCTV policy?

Yes. Under UK GDPR, schools must have a documented lawful basis for processing personal data captured by CCTV, a Data Protection Impact Assessment (DPIA), and a privacy notice displayed at camera locations. A CCTV Acceptable Use Policy formalises governance and is required by most school insurers and the ICO.

What should a school CCTV policy include?

A school CCTV Acceptable Use Policy should cover: purpose and legal basis for CCTV, camera locations, retention period, who can access footage, subject access request procedure, data breach procedure, staff training requirements, and annual review obligations.

What is a DPIA and does my school need one?

A Data Protection Impact Assessment (DPIA) is a legal requirement under UK GDPR Article 35 before deploying CCTV in schools. It documents the purpose, necessity, proportionality and risks of CCTV processing, and must be completed before cameras are installed.

School CCTV Policy Generator | Free Template

Step 1 — School Details

Tell us about your school

This information will appear throughout your policy documents. Use your school's full legal name.

School / Academy full name

Local authority / MAT name

School phase

School address

School website

Document version

Policy adopted date

Review date

Step 2 — Key People

Who is responsible for CCTV?

UK GDPR requires you to name a Data Controller and, where applicable, a Data Protection Officer. These individuals are named in all three documents.

Data Controller name

Data Controller role

Data Protection Officer (DPO) name

DPO contact email

CCTV System Manager name

CCTV System Manager role

Authorised viewers of CCTV footage (roles only — no names)

List roles, not individual names. Roles should be kept to the minimum necessary.

Step 3 — CCTV System

Tell us about your CCTV system

These details appear in the DPIA and Privacy Notice. Be as specific as you can — this is what the ICO would expect to see.

Number of cameras

Footage retention period

Camera locations (general areas — not precise positions)

Do not include cameras in toilets, changing rooms or other private areas — this would be unlawful.

Does your system include audio recording?

Where is footage stored?

Is the system monitored 24/7 by an Alarm Receiving Centre?

CCTV installer / maintainer (company name)

Your installer should hold NSI NACOSS Gold or SSAIB approval.

Step 4 — Purpose & Legal Basis

Why does your school use CCTV?

UK GDPR requires you to document the specific purposes for which CCTV is used and the legal basis for each. Select all that apply.

Purposes of CCTV at your school

Safeguarding pupils and staff — deterring and detecting abuse, bullying or inappropriate behaviour

Security of the premises — deterring and detecting unauthorised access, vandalism or theft

Providing evidence in disciplinary, criminal or insurance proceedings

Supporting Martyn's Law / counter-terrorism preparedness obligations

Traffic and vehicle management in car parks and access roads

Health and safety monitoring — identifying hazards and accidents

Legal basis for processing (UK GDPR Article 6)

Most maintained schools use Article 6(1)(e). Most academies use Article 6(1)(f). If unsure, consult your DPO.

Ready to generate your three documents

Enter your details to generate your CCTV Acceptable Use Policy, Privacy Notice and DPIA Summary. We'll also email you copies for your records.

First name

Last name

Email address

Your role

Phone (optional)

By submitting you agree to Fyrfly Systems contacting you about your documents. We will not share your data with third parties.

School CCTVPolicy Generator

Tell us about your school

Who is responsible for CCTV?

Tell us about your CCTV system

Why does your school use CCTV?

Ready to generate your three documents

School CCTV
Policy Generator