How can we help?

Search

Data Protection

    CCTV Statement

     

    1. Introduction

     

    Enterprise Ireland controls a number of CCTV cameras across its global network of offices for defined purposes. Enterprise Ireland controlled CCTV systems are used for security and for health and safety purposes. These systems capture images that may identify individuals either directly or indirectly who enter Enterprise Ireland Offices. 

     

    This Notice covers Enterprise Ireland controlled CCTV systems in relation to the monitoring, recording, use, and storage of recorded material across the national and global network of offices.

     

    This Notice sets out how Enterprise Ireland manages its CCTV system and the data that it processes. Enterprise Ireland’s use of CCTV complies with the General Data Protection Regulation (GDPR) and the Data Protection Act (2018). This Notice sets out the responsibilities of Enterprise Ireland and your rights as an individual in relation to your identifiable CCTV images.

     

     

    2. Purpose 

     

    Article 5(1)(c) of the General Data Protection Regulation (the “GDPR”) requires that personal data shall be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. Operating 24 hours a day, seven days a week, Enterprise Ireland uses CCTV systems for two purposes:

     

     

    2.1. Security

     

    To protect Enterprise Ireland’s property, staff, contractors and any visitors from criminal activity, physical assault, threatening behavior or robbery.

     

    Legal Basis: The legal basis for this is the legitimate interests pursued by Enterprise Ireland which include protecting the agency’s staff, contractors and any visitors from physical assault, threatening behaviour or robbery, as well as protecting the property of Enterprise Ireland from theft, criminal damage or any other criminal activity.

     

     

    2.2. Personal Safety

     

    To protect the health and safety of the agency’s staff, contractors and visitors from accidental harm or injury. 

     

    Legal Basis: The legal basis for this is the Safety, Health and Welfare at Work Act 2005 and Section 3 of the Occupiers' Liability Act, 1995.

     

    This Notice rules out CCTV monitoring for any purpose other than that set out above. Furthermore, it is limited to uses that do not violate the reasonable expectation to privacy as defined by law. Collection, storage and use of CCTV footage will adhere to the data privacy principles set out in the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

     

     

    3. Operation of CCTV System

     

    In line with the agency’s Physical Security Policy, where CCTV is installed, local signage is provided to alert employees and visitors. Cameras are positioned so that they only monitor areas intended to be covered by the equipment. 

     

    The images captured by Enterprise Ireland’s CCTV system are retained for 30 calendar days. It is important to note that in exceptional circumstances, images may be retained for longer time periods. In this case, the CCTV images or “footage” will be retained until the investigation and all associated appeal processes have been concluded.

     

     

    4. Your Access and Requests for Information

     

    You have access to your identifiable CCTV images and related information under the General Data Protection Regulation (GDPR). 

     

    If Enterprise Ireland has captured your identifiable CCTV image and you wish to obtain a copy, you can complete a Subject Access Request (SAR) request and send to Enterprise Ireland’s Data Protection Officer by email or post to the address shown below. Enterprise Ireland will issue you a copy of your identifiable CCTV images (obscuring those images which identify others) and the following information, where relevant:

     

    a) The purposes for which your CCTV images are captured. 

     

    b) The period for which the CCTV images will be stored. 

     

    c) Details of your right to complain to the Data Protection Commission. 

     

    d) Confirmation that we do not use your CCTV images for automated decision-making, including profiling. 

     

    In addition, you have the following rights:

     

    • Right to be told about a Personal Data Breach involving your identifiable CCTV images. Where your identifiable CCTV images have been accessed by, or disclosed to unauthorised persons, lost, destroyed or unlawfully processed and this may result in a high risk to your rights and freedoms, we must inform you without delay.
    • Right to complain to the Data Protection Commissioner about GDPR infringements. You may complain to the Data Protection Commission, if you think that our processing of your identifiable CCTV images has infringed the GDPR.

     

     

    5. Third Party Requests

     

    Access to, and disclosure of CCTV images to third parties is strictly controlled and documented. This is to ensure that your rights are maintained, and that the chain of evidence remains intact should the CCTV images be required for evidential purposes.

     

    On occasion, Enterprise Ireland may be asked to disclose CCTV recordings to third parties for a purpose other than that for which they were originally obtained. This may include, but is not limited to, the following:

     

    • An Garda Síochána or another law enforcement body requesting that footage be provided to assist in the investigation of a criminal offence.
    • Individuals whose images has been captured by CCTV systems or requests on their behalf by their legal representative subject to a Court Order.
    • Individuals whose images have been recorded by CCTV systems and who have submitted a valid Subject Access Request (or “SAR”) under the Data Protection Act 2018 or a valid Freedom of Information (or “FOI”) Access Request under the Freedom of Information Act 2014.
    • In exceptional circumstances, CCTV images may be used in the context of a formal internal investigation or disciplinary procedure concerning a staff member.

     

    All third-party requests for access to CCTV footage will be dealt with on a case-by-case basis to ensure that the principles of data protection are adhered to, and the rights of individuals are not prejudiced. CCTV images, by their nature, are correct and we only store them for the reasons of security and personal safety for a period of 30 days, after which time they are deleted.

     

    All individuals requesting access to CCTV footage will be asked for up-to-date photographic identification (for example, passport, driver’s license, etc.). Members of An Garda Síochána or relevant Authorities will be asked for identification and badge number.

     

     

    6. Implementation and Review

     

    It is the responsibility of the Data Protection Officer (DPO) to ensure that this notice is updated at regular intervals for continued compliance. If Enterprise Ireland makes changes to this policy such changes will be identified by updating this Notice on the agency’s corporate website.

     

     

    7. Contact details for Enterprise Ireland’s Data Protection Office

     

    Data Protection Officer

    Data Protection and Freedom of Information Office

    Enterprise Ireland

    The Plaza

    Eastpoint Business Park

    Dublin 3

    D03 E5R6

    gdpronline@enterprise-ireland.com

     

© 2025 Enterprise Ireland All rights reserved
VAT No: IE9590828H