CCTV Policy and Code of Practice

Making an Access Request

Ask at reception for an access form titled “CCTV Application for Data Access”. You can ask reception a question online by completing the Ask Reception a Question form.

Please ensure that the form is fully completed, using a separate sheet of paper if necessary, and return it together with the non-refundable £10 fee.

Please note that a decision on access will be made based only on the details provided within the form and accompanying documents. No other information will be requested. It is therefore essential that full details are given.

Please send the application to:

The Practice Manager
Burney Street Practice
48 Burney Street
SE10 8EX

Access – Data Subject

The Data Protection Act 1998 (Section 7) specifies the rights of access of the Data Subject.

All requests for access must be in writing on a Data Access form which will be provided on request, accompanied by a £10 fee, which is non-refundable should the request be declined.

The form must be fully completed.

A response will be provided as soon as possible, and in any event within 40 days. Where an application is declined, a reason will be given.

Access – Third Party

Access by third parties will be tightly controlled to ensure the confidentiality of individuals. All requests will be in writing on the standard form provided, accompanied by a £10 access fee, which is non-refundable should the application be declined.

Images will only be made available to third parties in limited and prescribed circumstances, and this will generally be restricted to law enforcement agencies.

Where an application is declined a reason will be given.

Retention of Images

Images will not be retained longer than is considered necessary, and will then be deleted. All images will be held securely, and all access requests, and access to images, will be documented.

Images may record individuals and/or incidents. Not all recordings are designed to identify persons.

Other than in accordance with statutory rights, the release or availability of images will be at the discretion of the partners/principal to the practice, who are data controllers for the purposes of the Data Protection Act.

Images are held to improve the personal security of patients and staff whilst on the premises, and for the prevention and detection of crime, and images may be provided to police or other bodies.

Where access is granted in response to an application received, the image may be edited to exclude images of third parties who may be also included within the requested image. This may be necessary to protect the identity of the third parties. In these circumstances the image released as part of the application may record/identify the “data subject” only.

Images will be located by the data controller or authorised person.

When assessing the content of the image released, the decision will be taken by the data controllers having due regard to the requirements of the Data Protection Act and code of conduct.


Complaints must be made in writing and addressed to the practice manager. You can also complain online by completing the Feedback and Complaints triage.

Where the complaint is being made by a third party, and the complaint or enquiry relates to someone else, the written consent of the data subject is required. Where this is not possible, full justification must be given.

All complaints will be acknowledged within 14 days, and a response provided within 21 days.

Terms Used

  • Data controller – this is the controller of the data and the system, as defined in the Act. In this case the controller is the partnership
  • Data subject – this is the person whose image is within the system, and who has rights of access as determined under the Act
  • Third party – a person or body other than the data subject who requests access, or to whom an image may be provided