How data protection law can help protect businesses from crime

3 Jul 2026 12:37 PM

If you run a retail business, the chances are that protecting your business from crime is something you think about every single day. Theft, violence towards staff, aggressive behaviour – these are daily pressures that can affect your livelihood, your employees' wellbeing, and your ability to keep the doors open.

The British Retail Consortium estimates there are almost 5.5 million incidents of theft and 43,000 incidents of violence against staff every year across the whole sector, with retailers continuing to invest in measures such as CCTV systems to help tackle the issue.

We know there’s sometimes a feeling that data protection law isn’t on retailers’ side; that they are on the receiving end of crime but also the ones who must tread carefully.

That’s something we want to address.

Because the reality is that data protection law enables you to use personal information, including CCTV footage, to protect your business, your staff and your premises. 

Today we’ve published advice about how to share information lawfully to help tackle crime that’s aimed specifically with small retailers in mind; time-pressed business owners who need clear answers to practical questions. 

How can I share information with my staff? Can I use facial recognition technology? How do I do to comply with the law? For each of these, the answer starts with what you can do and then walks you through the steps to do it lawfully. We have also included checklists, practical examples and template documents so that you're not starting from scratch. We’ve also shared this with industry bodies including the British Retail Consortium, Federation of Small Businesses and National Business Crime Centre for their views and input.

One area of growing interest is the use of facial recognition technology. There is a high bar to be met to ensure its lawful use in public places due to the nature of the information and the risks of wrongly identifying someone. But, if you are considering it, our guidance sets out what you need to put in place first and, if you’re a business owner, you should read it carefully before proceeding.

If you run a small business and you're grappling with retail crime, data protection law gives you a legitimate, structured way to use the information you already have to protect your business and our guidance makes it easy to do.

Emily Keaney is the Deputy Commissioner for Regulatory Policy.