Smart Security Camera Installation: PoE vs Wi-Fi, NVR Integration, GDPR Considerations and Cabling
Quick Answer: Professional residential CCTV/security cameras should be PoE (Power over Ethernet) rather than Wi-Fi where cabling is feasible — single CAT6 cable carries data and power, eliminates Wi-Fi reliability issues and supports 24/7 high-resolution recording to a local NVR (Network Video Recorder). Use 4K (8MP) cameras for primary coverage, 1080p for secondary. ONVIF-compliant cameras integrate with most NVR brands. UK installations must comply with GDPR / Data Protection Act 2018 — pointing cameras at neighbouring property is a privacy breach; signs informing visitors are required. Hikvision and Dahua are dominant by volume but are subject to UK government concerns; alternatives include UniFi Protect, Reolink, Synology, Axis and Mobotix.
Summary
Security camera installations have shifted dramatically over the past decade. Where once a coax-cable analogue CCTV system was standard, the modern install is IP-based, PoE-powered, recording to a network video recorder, with smartphone access and cloud backup. The technology is more capable but also more complex — and the regulatory and ethical considerations have grown alongside the technical ones.
UK GDPR and the Data Protection Act 2018 apply to camera systems that record personal data (faces, vehicle plates, behaviour). For a domestic system in a single-family home that's mostly self-monitoring, the rules are lenient. As soon as cameras point at neighbouring property, public footpaths or commercial premises, the operator becomes a data controller with full GDPR obligations. The ICO has clear guidance on this.
This article covers the practical installation decisions: camera type and placement, cabling and PoE budgeting, NVR selection and integration, GDPR compliance, and integration with the broader smart-home and alarm system. It assumes the installer holds appropriate competencies — for alarm-system integration the installer should be NSI Gold or SSAIB approved.
Key Facts
- PoE (Power over Ethernet) — IEEE 802.3af 15.4W (PoE), 802.3at 30W (PoE+), 802.3bt 60-90W (PoE++)
- Camera resolution — 1080p (2MP) entry-level, 4MP standard, 4K (8MP) high-end, 4K+ specialist
- Lens types — fixed (e.g. 2.8mm), varifocal (e.g. 2.8-12mm), motorised zoom
- Sensor sizes — 1/2.8" common; 1/1.8" or larger for low-light performance
- Day / Night sensors — IR LEDs for night vision; ICR (IR Cut Filter) switches mode
- Smart IR / EXIR — distance-aware infrared illumination
- Starlight / ColorVu — colour at very low light (Hikvision branding); Dahua "Full-Color"
- AI capabilities — person/vehicle detection, line-cross, intrusion zones, ANPR
- ONVIF Profile S/T/G — open interoperability standard between cameras and NVRs
- NVR (Network Video Recorder) — dedicated appliance for recording; some hub-based
- UniFi Protect — Ubiquiti's NVR/camera platform; subscription-free
- Synology Surveillance Station — runs on NAS; per-camera licence model
- Hikvision / Dahua — Chinese manufacturers; UK government has restrictions on use in central government estate; private use legal but with consideration
- GDPR / DPA 2018 — applies to camera systems capturing personal data
- ICO domestic exemption — household activity exemption may apply to single-family use that doesn't capture beyond own property
- Signage — required when GDPR applies; informs people they are being filmed
- Cable type — CAT6 minimum; CAT6a for 4K runs to 100m
- PoE budget — calculate total camera load against switch capacity; 4MP camera typical 6-8W
- VLANs — cameras isolated from main network per iot device cybersecurity
- Recording retention — typical 7-30 days domestic; 30-90 days for commercial
- Compression — H.264, H.265 (50% smaller than H.264), H.265+ (further reduction)
- Storage calculation — 4MP camera at 4Mbps = 1.7 GB/hour = ~40 GB/day per camera
Quick Reference Table
Spending too long on quotes? squote turns a 2-minute voice recording into a professional quote.
Try squote free →| Camera Type | Resolution | Lens | Application |
|---|---|---|---|
| Bullet 4MP fixed 2.8mm | 4MP | Fixed wide | Driveway, perimeter |
| Bullet 4MP varifocal | 4MP | 2.8-12mm | Long approach (driveway) |
| Turret / dome 4MP | 4MP | 2.8mm | Indoor / sheltered outdoor |
| 4K bullet starlight | 8MP | Fixed or varifocal | High-detail, dark areas |
| PTZ 4MP | 4MP | Motor zoom | Wide area; live monitoring |
| ANPR specialist | 2-4MP | Fixed long-focal | Vehicle plate capture |
| Doorbell camera | 2-4MP | Fixed wide | Front door |
| Indoor bullet/cube | 1080p-4MP | Wide | Hallway, garage |
| NVR Brand | Camera Compatibility | Strengths | Weaknesses |
|---|---|---|---|
| UniFi Protect | UniFi cameras only | Subscription-free, slick app, integrates with UniFi network | Locked to UniFi cameras |
| Synology Surveillance Station | ONVIF + many manufacturer drivers | Runs on NAS; broad compatibility | Per-camera licence |
| Hikvision iVMS / DS-7700 | Hikvision native + ONVIF | Excellent AI; cheap | Government concerns |
| Dahua DSS / NVR4xxx | Dahua + ONVIF | Strong feature set | Government concerns |
| QNAP QVR Pro | ONVIF + many manufacturers | Runs on NAS | Smaller community |
| Frigate (open source, on NAS) | ONVIF, RTSP | AI detection, Home Assistant integration | DIY setup |
| Axis Companion | Axis cameras | Premium quality, long support | Higher cost |
Detailed Guidance
PoE vs Wi-Fi cameras
The decision is usually simple:
Choose PoE when:
- New build or refurb where cable can be run
- 24/7 reliable recording is required
- Resolution is 4MP+ (Wi-Fi struggles with sustained high-bitrate streams)
- Multiple cameras (>4) — Wi-Fi network can't sustain that load
- Local NVR recording rather than cloud-only
Choose Wi-Fi when:
- Retrofit where cabling impossible
- Low resolution / occasional recording acceptable
- Single or few cameras
- Cloud-storage acceptable (no NVR)
- Battery-powered for flexibility (Eufy, Ring, Reolink Argus)
PoE cameras are objectively superior for serious security; Wi-Fi cameras are practical for retrofit and convenience. Most professional installs combine both: PoE for primary coverage, Wi-Fi for awkward locations.
Camera placement strategy
Coverage zones:
- Perimeter — driveway, garden boundaries, side returns
- Entry points — front door, back door, garage door, French doors
- Public-facing — front of property, road
- Interior chokepoints — hallway, stairwell (if appropriate)
Placement rules:
- 2.5-3m height — too high loses face detail; too low risks tampering
- Angle 15-30° down — captures faces, not just heads
- Avoid filming neighbouring property — privacy breach
- Avoid backlit positions (camera looking into sun) — silhouettes
- Consider IR reflection — bright surfaces (white walls, reflective gates) cause IR bounce
- Cable accessibility — for maintenance and future upgrades
Field of view:
- 2.8mm lens — ~110° horizontal; covers wide area; less detail at distance
- 4mm lens — ~90° horizontal; balanced
- 6mm lens — ~50° horizontal; long approach detail
- 12mm lens — ~25° horizontal; very specific target
PoE budgeting
Calculate switch PoE budget against expected camera load. Typical loads:
- 4MP fixed bullet — 6-8W
- 4K fixed bullet — 8-12W
- PTZ camera — 20-30W (PoE+ required)
- Camera with built-in heater (cold climates) — additional 8-15W
Example: 8 cameras typical 8W = 64W camera load. Plus access points (15W each), other PoE devices. Budget 50-100% headroom for future growth.
For 8-camera install, switch with 200W+ PoE budget is appropriate. For 16+ cameras, dedicated camera switch separate from main network switch.
Cabling
For each camera, run a single CAT6 cable from the equipment cabinet to the camera location. Considerations:
- Outdoor cabling — UV-resistant external-grade CAT6 cable; or run inside conduit
- Underground runs — direct burial cable rated for the depth and conditions; consider conduit
- Cable termination — crimp on RJ45 if camera connector accepts it, or use weatherproof junction box
- Pre-terminated cables — useful where neat termination is hard
- Conduit reservation — pull a draw string for future cable pulls
- Strain relief — secure cable with proper grommets at building entry
Cable testing: each camera run should be tested for continuity, polarity and basic Ethernet performance before camera installation.
NVR selection and configuration
For a UniFi-network home — UniFi Protect is the obvious choice. Subscription-free, integrated with UniFi switches and APs, slick mobile app. Lock-in to UniFi cameras (G3, G4, G5, AI series).
For a multi-camera mixed install — Synology Surveillance Station on a NAS gives broad ONVIF support, lots of analytics, motion detection per zone. Per-camera licence (Synology supplies first 2 free; £35-£50 each thereafter).
For Hikvision cameras — Hikvision NVR (DS-7600/7700 series) is feature-rich, cheap, with excellent AI. Mind the government policy if installing for businesses, public-facing premises or prominent residential.
For DIY / Home Assistant integrators — Frigate is free open-source NVR with strong AI detection; pairs with Home Assistant for automation triggers.
NVR configuration:
- Recording schedule — continuous or motion-triggered; commonly 24/7 continuous low bitrate + motion-triggered high bitrate
- Retention period — typical 14-30 days; calculate storage requirement
- Bitrate per stream — 4 Mbps for 4MP, 8 Mbps for 4K; lower if motion only
- Sub-stream — lower-resolution second stream for app viewing (saves bandwidth)
- AI / smart features — person detection, vehicle detection, line cross, area intrusion
- Alerts — push notifications to app for events
- Cloud backup — selective off-site backup of important events
Storage calculation
Typical storage maths for an 8-camera 4MP system, 30-day retention, motion-triggered recording (assume 30% motion):
Per camera per day:
Continuous low: 1 Mbps × 86400s = 10.8 GB
Motion-triggered high: 4 Mbps × (86400 × 0.3) = 13 GB
Total: ~24 GB/day per camera
8 cameras × 24 GB × 30 days = 5.7 TB
A typical NVR comes with 2-8 TB; for the above example specify a 12 TB drive for headroom. RAID-1 (mirroring) is recommended for retention reliability.
GDPR compliance for residential CCTV
The ICO's guidance on domestic CCTV:
Domestic exemption applies when:
- Cameras only film within your own property
- Recordings used for personal/household purposes only
- No sharing with third parties
GDPR fully applies when:
- Cameras film beyond your property boundary (neighbouring gardens, public footpaths)
- Recordings are used for purposes beyond personal household (e.g. evidence for police, insurance)
- Cameras film others routinely
If GDPR applies, the operator must:
- Have a lawful basis for processing (legitimate interest is usually valid)
- Inform people they're being filmed (signage)
- Not retain footage longer than necessary (typically 30 days)
- Provide subject access requests if asked
- Take security measures to protect the data
- Register as a data controller with the ICO if processing as part of a business
For a typical residential install where some cameras catch the public footpath:
- Adjust angles to minimise public-property capture
- Provide clear signage at entrances stating CCTV in use
- Set retention to reasonable period (14-30 days)
- Hand the homeowner an ICO information sheet
- Document the discussion in handover notes
For commercial installs (workplace, rental property, holiday let): full GDPR compliance and ICO registration are mandatory.
Integration with alarm and smart home
Modern installations don't treat CCTV as separate from the rest of the smart home:
- Alarm system integration — alarm trigger causes camera to record and snapshot the event; cameras provide visual verification
- Smart home automation — motion detection triggers light, video doorbell rings phones
- Voice control — "Alexa, show front door" displays live feed on Echo Show
- Notifications — package delivery detection, person at door, vehicle arrival
For deeper integration, MQTT or HTTP webhook bridges from NVR to home automation hub (Hubitat, Home Assistant) allow events to trigger automation flows.
Cybersecurity for cameras
Cameras are a high-risk device class. Additional measures beyond general IoT cybersecurity:
- Block outbound internet for cameras — except specifically required cloud services (e.g. NVR app remote access via VPN)
- Disable camera UPnP / P2P — many cameras try to phone home; block this
- Disable cloud accounts for cameras — local recording only where possible
- Strong password per camera — change from default
- Firmware updated — quarterly check; replace cameras past EOL
- Disable unused services — RTSP, ONVIF if not required by NVR; Telnet always
- VLAN isolation — cameras on dedicated VLAN with no main-network access
Hikvision / Dahua considerations
Hikvision and Dahua are the two largest IP camera manufacturers globally. Both have been subject to UK government action:
- November 2022 — UK government instructed central government departments to stop new procurement of Chinese-made surveillance equipment
- November 2023 — National Cyber Security Centre confirmed concerns about visual surveillance equipment from companies subject to Chinese national intelligence law
- Implications for residential — legal to use; but government installations, sensitive sites, and some commercial users have moved away
For domestic residential, Hikvision and Dahua remain the dominant value propositions and are widely deployed. Installers should:
- Disclose the manufacturer to client
- Discuss the policy context if the client has views
- Recommend appropriate firewall isolation
- Apply firmware updates promptly
Alternatives gaining ground in UK residential: UniFi Protect, Reolink, Synology IP cameras, Axis (premium), Mobotix (premium), and emerging brands compliant with PSTI Act 2024.
Frequently Asked Questions
Do I need a recording licence for residential CCTV?
You don't need a "licence" but if GDPR applies (cameras film beyond your property), you need to: provide signage, retain for limited period, comply with subject access requests. For commercial installations, ICO registration and the data protection fee apply.
Should cameras face the road?
A camera positioned at a front door inevitably captures the road. The key is what's framed: if the camera is angled to capture the doorstep with road in the background, that's typically acceptable. If the camera is deliberately framing road traffic for any purpose other than household security, GDPR rules engage and you may be processing data of vehicles passing by.
Can I use Hikvision cameras at home?
Yes, legally. Whether you should is a judgement call considering: government policy context, the privacy concerns specific to that manufacturer, your own data sensitivity. For most domestic installs the practical answer is "yes with appropriate firewall isolation." Some clients specifically request alternatives.
How long do I keep footage?
For a typical domestic system not under GDPR full compliance, 14-30 days is reasonable. Keeping years of footage indefinitely is rarely defensible if challenged. NVRs typically auto-overwrite the oldest footage when storage fills, so a 30-day rolling window is set by storage capacity.
Can my Wi-Fi camera be hacked?
Yes, particularly older or cheap Wi-Fi cameras. The PSTI Act 2024 requires modern cameras to have unique passwords per device, vulnerability disclosure policies and stated support periods. Even with these, isolation in an IoT VLAN, firewall-block of unnecessary outbound traffic, and prompt firmware updates are essential. The most secure approach is PoE cameras to a local NVR with no internet exposure for the cameras themselves.
Regulations & Standards
Data Protection Act 2018 — UK statute implementing GDPR
UK GDPR (retained EU 2016/679) — Data protection regulation
Surveillance Camera Code of Practice 2013 — Government code; relevant authorities only but informs best practice
Protection of Freedoms Act 2012 — Created the Surveillance Camera Commissioner role
PSTI Act 2024 — IoT product security; applies to network-connected cameras
BS EN 50132 — Alarm systems / CCTV surveillance
BS EN 62676 series — Video surveillance systems for use in security applications
BS 7671:2018+A2:2022 — Wiring Regulations (mains side of NVR power)
NSI Gold / SSAIB — UK security industry trade standards
ONVIF Profile S/T/G — Camera interoperability standards
GDPR signage — ICO-recommended A4 sign content
ICO — CCTV in your home — ICO domestic CCTV guidance
Surveillance Camera Commissioner — gov.uk
Surveillance Camera Code of Practice — Code of practice
PSTI Act 2024 — Product security regulations
UniFi Protect — Ubiquiti NVR platform
Synology Surveillance Station — NAS-based NVR
iot device cybersecurity — Camera security and PSTI Act compliance
home networking for av — Network design for cameras and NVR
smart doorbell and lock installation — Doorbell camera category
smart home system specification — Camera spec at design stage
smart home commissioning handover — Camera handover and GDPR briefing