Someone Recorded Me Without My Consent: What Are My Rights In The UK

If you’ve just discovered that an employee, contractor or customer recorded you (or your team) without consent, it can feel invasive and frustrating.

It’s also a legal risk - for them and for your business - and the right response depends on privacy law, employment law and, in some cases, criminal law.

In this guide, we’ll walk through what UK law says about being recorded without consent in a business context, what to do next, and how to put simple protections in place so you’re covered from day one.

What UK Law Says About Being Recorded Without Consent (For Businesses)

There isn’t one single “no recording without consent” law in the UK. Instead, several legal areas overlap. As a business, these are the key frameworks to understand:

• UK GDPR and the Data Protection Act 2018 (DPA 2018). If a recording captures personal data (e.g. someone’s voice, face, name, number plate, or anything that identifies a person), data protection rules are likely in play. For businesses, recording or keeping that footage usually requires a lawful basis (most commonly “legitimate interests”), transparency (clear notices), data minimisation and security. If you record calls, review your compliance around GDPR and business calls.
• Employment law and workplace rights. Covert monitoring of staff is very rarely justified. Employees have rights to privacy and fair treatment. If you’re the one recorded, it’s still relevant to ask whether any workplace policy banned recording, whether confidentiality duties were breached, and whether the recording involved harassment or misconduct.
• Civil claims: misuse of private information, breach of confidence, and harassment. Even in business settings, people retain a reasonable expectation of privacy in certain contexts (for example, private meetings or sensitive HR discussions). Depending on what was captured and how it’s used, a civil claim may be available.
• Criminal law. Secret recording itself isn’t automatically a criminal offence. But the manner of recording could cross lines (e.g. voyeurism, stalking/harassment, or unlawful interception of communications). Sharing or threatening to share intimate images without consent can also be criminal.
• Intellectual property and publishing. Who owns the recording? If a worker records at work, ownership and permissible use can hinge on contracts and policies. Public posting (e.g. on TikTok) can raise defamation risks and data protection issues, too.

Put simply: context matters. A hidden voice note of a private disciplinary meeting is very different to a customer filming your premises in a public-facing shop. The law weighs where it happened, what was recorded, the purpose, how it’s being used, and what your policies said at the time.

Can Employees Or Customers Record You At Work?

Short answer: they sometimes can - and sometimes really shouldn’t. Here’s the practical breakdown for small businesses:

Employees Recording Meetings Or Colleagues

It’s increasingly common for employees to secretly record meetings (e.g. performance management or grievance discussions). That doesn’t automatically make the recording unlawful, but it can breach:

• Workplace rules. If you have a clear policy banning secret recordings, that can be misconduct. Having a concise Workplace Policy that covers monitoring, recording and confidentiality makes your position clear.
• Confidentiality obligations. Recording sensitive business or personal information for improper use can be a breach of confidence. Strong confidentiality terms in your workplace confidentiality policies and contracts are essential.
• Data protection. If personal data of others is captured, using or sharing it may put both the recorder and your business at risk under UK GDPR if the recording is stored on work systems or used for work purposes.

Employment tribunals sometimes accept covert recordings as evidence in disputes - especially if they shed light on discrimination or unfair treatment - but that doesn’t mean the employee was entitled to make them. Focus on whether policies were breached and manage the conduct issue fairly and consistently.

Customers Recording On Your Premises

In customer-facing spaces that are open to the public, customers can usually film or record what they can see and hear. However, you can set house rules:

• Display reasonable notices prohibiting filming in restricted areas (e.g. back-of-house, staff-only zones).
• Direct staff to politely but firmly ask customers to stop recording in sensitive circumstances (e.g. where minors or vulnerable people are present).
• Reserve the right to refuse service or ask customers to leave if they refuse to follow lawful, reasonable rules.

If a customer posts a recording that includes misleading allegations or confidential information, consider a proportionate response: a takedown request, a measured public statement, or legal action where serious harm or clear unlawful publication is involved.

What About Your Own Monitoring And Recording?

If your business uses surveillance, you need to comply with data protection and employment law, and keep staff and visitors informed. Audio raises particular risks. Review the rules around CCTV with audio and whether you actually need to capture sound. For conversations, make sure you have a lawful basis and clear notices if you record conversations as part of your operations (for example, call quality monitoring in a contact centre).

What To Do If Someone Recorded Your Business Without Consent

If you’ve discovered a recording you didn’t agree to, take a practical, step-by-step approach. The goal is to de-escalate, manage legal risks, and protect your brand.

1) Preserve Evidence And Assess The Risk

• Secure copies or screenshots of the recording and where it’s published (URLs, timestamps, usernames).
• Record context: who, what, where, when, why (if known). Note if minors or sensitive personal data are involved.
• Check whether your policies banned recordings, and whether confidentiality or privacy duties apply.

2) Decide Your Immediate Response

• If the content is minor and not widely shared, a calm, direct request to remove it often works.
• For staff: treat it as a potential conduct issue and follow your disciplinary process. Remind yourself that a fair procedure matters - even where you feel wronged.
• If the recording includes private messages or confidential communications, consider your rights around sharing private messages without consent.

3) Consider Legal Grounds For Takedown Or Action

Depending on content, you may rely on one or more of the following:

• Data protection. If personal data was captured and processed without a lawful basis, a data protection complaint or letter setting out UK GDPR concerns can support a takedown request.
• Breach of confidence/misuse of private information. Where the content is confidential, sensitive, or from a private setting (e.g. HR meeting), you may seek removal and undertake not to use it.
• Defamation. If the post makes a false statement that causes or is likely to cause serious harm to your business’ reputation, a defamation pre-action letter may be appropriate.
• Platform policies. Social platforms prohibit certain privacy violations. A well-prepared notice citing policy breaches can be an effective route to removal.

Proceed proportionately - a heavy-handed approach can escalate matters. It often helps to start with a measured, legally grounded letter before formal claims.

4) Check Your Own Compliance (So You’re Not On The Back Foot)

• Confirm you have the right signage, notices and lawful basis if you operate CCTV or record calls.
• Review your Privacy Policy to ensure it clearly explains any monitoring or recording and your lawful basis for processing personal data.
• If third-party vendors can access or store recordings, make sure a solid Data Processing Agreement is in place.

5) Plan The Communications

• Draft a concise internal note so staff know how to respond if asked. Consistency prevents mixed messages.
• Decide whether a public response is necessary. Often, a quiet takedown is better. If you do respond, keep it factual and avoid inflaming the situation.

Recording Others Lawfully In Your Business (Policies, Notices, Consent)

Even if your immediate issue is that someone recorded you, it’s smart to tighten your own recording practices. That way, you’re not caught out later.

Get Your Lawful Basis Right

For business-run recordings (CCTV, call recording, body-worn cameras, meeting recordings), choose a lawful basis (typically “legitimate interests”) and document your assessment. Limit what you record to what you genuinely need, and set reasonable retention periods. Be extra cautious with audio in public-facing areas - assess necessity and consider alternatives.

Be Transparent

• Use clear, prominent notices for CCTV and audio. Explain the purpose (e.g. security, training) in plain English.
• Tell staff when and why monitoring may occur, and how to raise concerns. Hidden monitoring should be exceptional and justified.
• Reflect your practices in your Privacy Policy and staff handbook.

Minimise Access And Secure The Files

Only grant access to recordings on a need-to-know basis. Secure storage, access logs, encryption and regular deletion schedules are important - these reduce risks if something leaks and demonstrate responsible compliance.

Use Consent Where Appropriate

Consent can be useful for specific situations (e.g. marketing footage, testimonials, or filming on private premises). A short-form release is often the simplest route. For recurring shoots, consider a standard photography/video consent form or a participant consent document that’s easy for your team to use.

Train Your Team

Make sure staff know what to do if a customer starts filming a sensitive situation, and how to respond if they’re asked to record conversations. Consistent training reduces on-the-spot mistakes and keeps your approach lawful and courteous.

Finally, if you do decide to implement new surveillance or call monitoring, review the rules about cameras in the workplace to ensure any system you roll out strikes the right balance between security and privacy.

Key Contracts And Policies To Put In Place

A few well-drafted documents go a long way to preventing recording-related disputes and making your response easier when issues arise.

• Workplace Policy. Set expectations around recording, monitoring, confidential information, social media and disciplinary action. A tailored Workplace Policy makes it clear that secret recordings are not acceptable and explains permitted monitoring by the employer.
• Employment Contract. Include confidentiality, data protection and conduct clauses that support your policies, and clarify ownership of work-related recordings or content created in the course of employment.
• Privacy Policy. Be transparent about any CCTV, call recording or analytics, and how people can exercise their rights. Your Privacy Policy is a key compliance document customers expect to find.
• Consent Forms. If you capture content for marketing (photos, case studies, event footage), use simple permission wording. A standard photography/video consent form is helpful for repeat use.
• Data Processing Agreement. If vendors store or process recordings (e.g. cloud CCTV or call software), make sure the right clauses sit in a robust Data Processing Agreement.
• Call Recording and CCTV Notices. Keep signage and on-hold scripts short, clear and consistent with your internal policies.

Avoid generic templates - small differences in your setup (e.g. audio vs video, public vs private areas, disciplinary meetings vs training calls) can change what’s lawful and what notices you need. If you’re rolling out audio, review the stricter standards around CCTV with audio before you switch it on.

When To Get Legal Help

It’s worth getting tailored advice if any of the following apply:

• The recording includes minors, health information, financial data or other sensitive personal data.
• An employee recorded a private meeting and is threatening to share it.
• The recording has been posted online with allegations that could harm your reputation or breach confidentiality.
• You’re planning to introduce audio monitoring, call recording at scale, or body-worn cameras and need a lawful, practical rollout plan.

If you feel the recording crosses into harassment or public safety concerns, contact the police. Otherwise, a proportionate legal approach - starting with a calm letter that cites your policy position, data protection concerns, and requested actions - often resolves matters without escalation.

Key Takeaways

• Secret recordings aren’t automatically unlawful in the UK, but data protection, confidentiality, employment law and platform rules can provide strong grounds to object, seek removal and take action where appropriate.
• Context drives the outcome: where the recording happened, what it captured, and how it’s used all matter. A private HR meeting is very different to a public-facing shop floor.
• Respond methodically: preserve evidence, assess risk, decide on a proportionate response, and consider legal grounds such as data protection, breach of confidence or defamation for takedowns.
• Protect yourself proactively: have a clear Workplace Policy, train staff, use clear notices, and keep your Privacy Policy aligned with any CCTV or call recording practices.
• If vendors process recordings, lock in a proper Data Processing Agreement and restrict access to a need-to-know basis.
• For sensitive or public situations, tailored advice helps you strike the right balance between enforcing your rights and avoiding unnecessary escalation.

If you’d like help drafting policies, handling a takedown, or making sure your monitoring setup is compliant, reach us on 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.