Data Protection Impact Assessments for Body-worn Cameras

Body-worn cameras can be a genuine force for accountability – protecting staff, discouraging abuse, and providing clear evidence when incidents happen. But they also change the privacy picture in a very specific way: they create mobile, audio-enabled recording in places where people may not expect to be filmed.

That’s exactly where a Data Protection Impact Assessment (DPIA) becomes essential. Far from being a box-ticking exercise, it’s the tool that helps you demonstrate your deployment is fair, lawful, and proportionate if challenged by the public, staff, unions, regulators, or in court.

What is a Data Protection Impact Assessment?

Think of it as a structured way to assess the impact on people and mitigate the risks – before you switch the cameras on.

In UK GDPR terms, the focus is on risk to the rights and freedoms of individuals, not just organisational risk. In practice, Data Protection Impact Assessments are where you bring together your operational reality (why you need BWCs, how they’ll be used, who will be recorded) with data protection principles (lawfulness, fairness, transparency, minimisation, storage limitation, security) and turn that into a clear, evidenced decision.

When might a Data Protection Impact Assessment be used?

Organisations often run DPIAs when a deployment is sensitive or high-profile (for example, customer-facing retail, healthcare settings, or public-facing enforcement roles), when there’s a new technology capability (like live streaming, auto-upload, location tagging, or AI-assisted search), or when you’re changing how an existing system works (new retention rules, expanded user groups, wider sharing). They’re also useful whenever you need to demonstrate due diligence to stakeholders such as senior leadership, legal, HR, unions, commissioners, or clients.

For example, a housing association planning to equip estate officers with body-worn cameras for property inspections and antisocial behaviour callouts would typically carry out a DPIA. That assessment would look at who might be affected (tenants, visitors, children, and staff), the specific risks involved (recording people in vulnerable situations, filming inside private homes, or capturing children without appropriate safeguards), and how those risks can be reduced. Mitigations might include clear rules on when recording is permitted (for instance, cameras off inside homes unless there’s an immediate risk), visible signage and verbal announcements, strict retention limits (such as 31 days unless footage is required for an investigation), and tight access controls with clear deletion processes. The DPIA would also test proportionality, asking whether alternatives like audio-only recording could achieve the same outcome, and requiring a clear justification if video is considered necessary.

Even when you could argue the risk is moderate, a DPIA can be the difference between “we thought about privacy” and “we can evidence how we designed risk down”.

When must a Data Protection Impact Assessment be completed?

Under Article 35, you must conduct a DPIA before processing begins where the processing is “likely to result in a high risk” to individuals.

For body-worn cameras, two points matter in particular:

1. Systematic monitoring is one of the scenarios that requires a DPIA, especially where recording happens in publicly accessible areas or in ways people can’t realistically avoid. Article 35 explicitly calls out large-scale systematic monitoring as an example.
2. Body-worn video guidance from the ICO treats DPIAs as a key step when deploying BWV, because of the nature of what can be captured (audio, bystanders, sensitive information) and the impact of recording in real-world situations.

So, if BWCs are used routinely, in public-facing roles, with audio, across multiple sites or teams, or alongside anything like live viewing/uploading, it is very difficult to make a credible case that a DPIA isn’t required.

Purpose of Data Protection Impact Assessments

The purpose of a Data Protection Impact Assessment is not to “get to yes” at all costs. It is to confirm:

• whether the proposed use is necessary and proportionate for the stated purpose;
• whether risks can be reduced to an acceptable level through design and controls; and
• whether you have enough transparency and governance to justify the intrusion.

A DPIA also gives you a clear audit trail: what you considered, what you decided, and why.

Guidelines on Data Protection Impact Assessments

There are plenty of guidelines on Data Protection Impact Assessments, but the practical pattern is consistent. 

• You describe the processing clearly (who records, when, where, what is captured – including audio – and how footage moves through your systems).
• You define the lawful basis and purpose, including any secondary uses such as complaint handling, training, internal investigations, or evidence sharing.
• You then assess necessity and proportionality – why BWCs are the right control in your environment (rather than fixed CCTV, extra staffing, panic alarms, or policy changes), and what a “minimum effective” deployment looks like.

From there, you identify risks to individuals and to groups more likely to be impacted (including children, vulnerable people, patients, or people in distress), and set mitigations such as technical controls, policy rules, staff training, oversight, redaction processes, retention limits, and access logging. Finally, you record outcomes: residual risk, sign-off, and clear triggers for review.

Key risks Data Protection Impact Assessments are designed to identify

A good DPIA for BWCs should make the key risks explicit. The most common ones include over-collection (recording more than needed, including in private spaces or capturing third parties unnecessarily), transparency failures (people not understanding they’re being recorded, why, or how to exercise their rights), and function creep (a safety tool gradually becoming performance management or behavioural surveillance without clear justification).

You also need to consider disproportionate impact in sensitive environments (healthcare, schools, social care, domestic settings), security and access risks (weak access controls, unmanaged exports, poor upload discipline, missing audit logs), retention creep (“just in case” storage that expands over time), and inappropriate sharing where disclosure rules are unclear or redaction is inconsistent.

These risks are easy to see in a typical retail scenario. A security officer responding to a suspected shoplifter near a store entrance switches on a body-worn camera. While the intended subject is captured, the footage also records a customer at the till entering their PIN, a parent disciplining a child in the background, and another customer’s prescription medication visible in a shopping bag; all examples of over-collection and disproportionate impact on third parties in sensitive moments. If the individual who entered their PIN was never told they were being filmed, that’s a clear transparency failure.

Problems often compound over time. Months later, the footage may still be stored “just in case it’s useful for training”, illustrating retention creep. A supervisor might share the clip in a WhatsApp group to warn other stores, without redacting bystanders, leading to inappropriate sharing. A year on, the same footage (or the same cameras) could be repurposed by management to monitor how long staff spend on the shop floor, a classic case of function creep. If there’s no access log showing who viewed or shared the original recording, that adds a further security and accountability risk.

This is how seemingly minor decisions add up, and exactly the kind of risk chain a DPIA is meant to surface and address before deployment, not after.

Body-worn cameras and data protection

Body-worn video is a form of surveillance with specific considerations beyond fixed CCTV, because it is mobile, situational, and often audio-enabled.

For many organisations, BWCs sit alongside wider safety and evidential needs. If you’re reviewing options, Radiocoms’ range of body-worn cameras and badges provides a useful view of common deployment contexts and operational requirements across sectors.

Data Protection Impact Assessment checklist for body-worn cameras

If you need a practical Data Protection Impact Assessment checklist for BWCs, work through the points below in order:

• Purpose: what BWCs are for, and what they are not for
• Lawful basis: which lawful basis applies to each use (evidence, safety, incident response, complaints)
• Recording rules: when recording starts and stops, whether audio is on, and where recording is not allowed
• Transparency: the approach to informing staff and the public, and the procedures followed when advance notice cannot be provided during an active incident
• Data minimisation: what “minimum effective” use looks like (who uses them, where, and when)
• Retention: how long you keep footage, what exceptions apply, and how deletion is controlled
• Access and audit: who can view footage, how access is logged, and how exports are controlled
• Sharing: who footage may be shared with, why, and how redaction is handled before release
• Individual rights: how you handle a data subject access request (DSAR), third-party redaction, and response timeframes
• Security: encryption, secure upload, secure storage, supplier checks, and incident response
• Governance: training, policy sign-off, compliance checks, and review dates
• Sign-off and review: who approves the DPIA and what triggers an update

Common mistakes to avoid

In BWC deployments, the same DPIA problems show up repeatedly. One is writing the DPIA after procurement (or after rollout), when the biggest design choices are already locked in. Another is using a generic template that doesn’t reflect your actual recording environments and workflows.

It’s also risky to skip stakeholder input (frontline staff, HR, unions, safeguarding leads, security teams, DPO/legal), or to underestimate audio and sensitive data capture. Retention can become a weak point too, particularly when it’s decided for convenience rather than necessity. Finally, DPIAs often fail in the long run when ongoing review is forgotten – changes in features, policy, or operational use can quickly make the original assessment stale.

If you’d like to discuss a specific deployment, Radiocoms can help you think through operational requirements and BWC options so your rollout is practical, compliant, and properly governed.

 

Read more about Body-Worn Cameras.