Data Protection in Manned Guarding: Beyond the Basics
How GDPR and data protection law applies to security guard operations, from CCTV to incident reports and GPS tracking.
By Michael Bryce · 8 March 2026 · Updated 23 April 2026 · 2 min read
For ACS compliance, this is important. Security operations generate significant amounts of personal data: CCTV footage, incident reports containing descriptions of individuals, visitor logs, GPS tracking of guards, and body-worn camera recordings. All of this data falls under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data You’re Likely Processing
Security companies often underestimate the volume and sensitivity of personal data they handle. Common data types include CCTV and body-worn camera footage, incident reports with descriptions of suspects and victims, visitor and contractor sign-in records, GPS location data from guard tracking systems, access control logs, and photographs taken during patrols.
Each of these data types needs a lawful basis for processing, appropriate retention periods, and proper security measures. In many cases, the security company acts as a data processor on behalf of the client (the data controller), which requires a formal data processing agreement.
Key Compliance Steps
Start with a data mapping exercise: identify what personal data you collect, where it’s stored, who has access, and how long you keep it. Then ensure you have a lawful basis for each processing activity — for security operations, this is typically legitimate interests or legal obligation.
Implement appropriate technical measures: encrypt data in transit and at rest, restrict access on a need-to-know basis, use secure cloud storage rather than USB drives or personal devices, and ensure any guard management software you use complies with data protection requirements.
Guard Awareness
Guards handle personal data daily, often without realising it. Training should cover what constitutes personal data, how to handle incident reports containing sensitive information, rules around sharing information with police and other authorities, proper use of body-worn cameras and CCTV, and what to do in the event of a data breach.
Data Subject Rights
Individuals whose data you process have rights including access, erasure, and objection. You need procedures to handle subject access requests within the statutory 30-day timeframe. For CCTV footage, this means having a system to locate and redact footage of other individuals before disclosure. Guard management platforms with built-in data export and deletion tools make responding to these requests significantly more manageable.
Ready to modernise your security operations? Request a free demo of TacDesk and see how cloud-based guard management can transform your business.
Related Articles
- → GDPR Compliance for Security Companies: What You Need to Know
- → Digital Occurrence Books: ACS Compliance Made Simple
- → Lone Worker Safety for Security Guards: Check Calls, Legal Duties, and Smart Solutions
- → Body-Worn Cameras for Security Guards: Benefits, Law, and Best Practice
Explore all TacDesk features · Book a free demo · View pricing
Michael Bryce
Founder of TacDesk. Writes about SIA compliance, operations, and running a UK security company — from someone who actually works the shifts.
Connect on LinkedIn →See TacDesk in action
Win tenders, pass SIA audits, and run your whole operation from one place. Book a free 30-minute demo.
Book a Free DemoRelated reading
SIA Licence Expiry: How to Manage Renewals Across a Security Workforce
A single expired SIA licence on a live deployment is a criminal offence. Here is how to track and manage licence renewals across your entire security workforce — without relying on spreadsheets.
Working Time Regulations for Security Guards: What UK Security Employers Need to Know
The Working Time Regulations 1998 set strict limits on hours, rest breaks, and night work for security guards. Here’s what UK security employers must know to stay compliant in 2026.
SIA Compliance in 2026: A Practical Guide for UK Security Companies
SIA compliance requirements have changed in 2026. From increased licence fees to new refresher training obligations and Martyn’s Law, here’s what UK security companies need to know — and how to stay on top of it operationally.