Drones – CCTV Policy & Procedures


AJSSL are fully insured, Data Protection CCTV registered Drone operators who have held a UK CAA Permission for Commercial Operation (PfCO) since the legal requirement came in (2010).

From the Information Commissioners Office, AJSSL policies and procedures comply with the Data Protection Code of Practice for surveillance cameras and personal information – V1.2 Dated 09 06 2017. This calls for compliance with 12 compliance principles.

The Information Commissioners Office provides guidance on the CCTV and drones on the following website: https://ico.org.uk/for-the-public/drones


AJSSL are operating with these covered in our operational procedures and processes. The summary of this guidance is:

Let people know before you start recording. In some scenarios this is going to be quite easy because you will know everyone within close view (for example, if you are taking a group photo at a family barbeque). In other scenarios, for example at the beach or the park, this is going to be much more difficult so you’ll need to apply some common sense before you start.

Consider your surroundings. If you are recording images beyond your home, a drone may intrude on the privacy of others where they expect their privacy to be respected (such as in their back garden). It is unlikely that you would want a drone to be hovering outside your window so be considerate to others and don’t hover outside theirs.

Get to know your camera first. It is a good idea to get to know the capability of your camera in a controlled situation to understand how it works. What is the quality of the image? How powerful is the zoom? Can you control when it starts and stops recording? Drone cameras are capable of taking unusual and creative pictures from original vantage points. Knowing the capabilities of your camera will help you to reduce the risk of privacy intrusion.

Plan your flight. Your drone’s battery life is likely to be short. By understanding its capabilities you will be able to make best use of its flight and it will be easier to plan how to avoid invading the privacy of other people. For example, it may be more privacy-friendly to launch from a different location rather than flying close to other people or their property.

Keep you and your drone in view. You won’t want to lose it, and if you are clearly visible then it will be easier for members of the public to know that you are the person responsible for the drone.

Think before sharing. Once your drone has landed, think carefully about who’s going to be looking at the images, particularly if you’re thinking about posting them on social media. Avoid sharing images that could have unfair or harmful consequences. Apply the same common sense approach that you would with images or video recorded by a smartphone or digital camera.

Keep the images safe. The images you have taken may be saved on an SD card or USB drive attached to the drone or the camera. If they are not necessary, then don’t keep them. If you do want to keep them, then make sure they are kept in a safe place.


Members of the public can request to access CCTV footage and stills with them or their property on it. They are only entitled to see the content that contains them or their property. With flights capturing up to 43 GB of imagery the review to identify them and their property will require a small administration fee of £10.

Subject Access Request Form CCTV data

(Pursuant with Recital 59 of the GDPR)

The Rights of Data Subjects

Data Subjects have a right to be told of whether a Data Controller of a CCTV system holds any personal data about them. They are entitled to view that data and to ask for a copy in a legible format. This right is subject to certain conditions and exceptions.

A request to access CCTV data can only be made in writing and is subject to a search fee of £20 in each case. Please use our contact form on this website to initiate access request. Please note – No Subject Access Request will be processed until payment has been received.

Disclosure of personal data is limited to the Data Subject or authorised Legal Representative. To ensure personal data is not released to the wrong person, a Data Controller must be satisfied of applicant’s identity. To that end the following information and documentation is required:

1. A recent colour passport photograph (originals only please)

2. One additional piece of photo ID e.g. new style driving licence or passport. (copies are acceptable)

3. A document displaying the applicants home address, e.g. utility bill, bank statement (copies are acceptable) 


– Recent full face colour photograph
– One additional item of photo identification
– One documentary address identification
– The fee of £10
– Complete our form – AJS/R3S/SOP/002 FORM F008
– Sign and date form, Section 3 (a) or 3 (b)

Once fully completed, this form should be taken or sent to the Data Controller at the following address: Data Protection Officer, A J S Support Limited, The Steading, Manor Courtyard, Stratton-on-the-Fosse, Radstock, Somerset, BA3 4QF

The Data Controller has 40 days in which to comply with this Subject Access Request following receipt of the completed form and fee.


Data Protection Principles: https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/

Surveillance Camera Code of Practice : https://www.gov.uk/government/publications/surveillance-camera-code-of-practice