Cookie consent

This site uses cookies that need consent. Learn more

Skip to content
Case Studies

Value Retail Protects Personal Data Using Facit’s Identity Cloak

By adopting Identity Cloak, Value Retail has moved from a reactive, improvised approach to a proactive, structured one.
Posted in: Retail

#Introduction: Luxury and Responsibility

Few retail environments are as meticulously designed as those created by Value Retail. Known worldwide for its high-end shopping destinations - including its crown jewel, Bicester Village - the company's operations revolve around luxury, hospitality and high footfall facilities. Bicester Village alone attracts more than 6 million visitors every year, which makes it one of the UK's most popular retail spots.

With that kind of scale comes serious complexity. Visitors don't just expect premium brands - we're talking Gucci, Prada, Burberry and Dior - they demand a flawless, secure and respectful experience. Behind the glamorous store fronts, that expectation translates into strict operational standards, especially when it comes to security and protecting people's data.

This case study covers how Value Retail teamed up with Facit to upgrade their video redaction approach using Identity Cloak. Discover how Value Retail transformed what used to be a manual, flawed process into something reliable, compliant and efficient.

#The Challenge: Balancing Security, Privacy and Practicality

Yasmin Khan, who reports to Data Protection Officer Madeleine Bonvin, plays a central role in ensuring compliance across Value Retail's European operations. Her responsibilities span vendor assessments, risk analysis, GDPR Records of Processing Activities (RoPA) and policy reviews.

When the need for a dedicated redaction solution became obvious, Yasmin identified Facit's Identity Cloak as a strong candidate. The purchasing process followed a structured path:

1. Initial discovery and evaluation by the Data Protection team

2. Submission to IT for due diligence

3. Technical and security review of both company and product

This rigorous approach ensured that the chosen solution met operational and compliance requirements.

#A Complex Data Protection Landscape

Retailers today operate in a world dominated by strict data protection laws, particularly the General Data Protection Regulation (GDPR). Under GDPR, any information that can identify someone, directly or indirectly, counts as personal data. This isn't just names and contact details - it includes:

  • Facial images captured on CCTV

  • Distinctive clothing or physical features

  • Vehicle registration plates

In practical terms, this means video footage from CCTV systems almost always gets classified as personal data. People have the right to request access to such data through Subject Access Requests (SARs), and organisations must respond within tight deadlines, typically one month.

For a business like Value Retail, which runs extensive CCTV coverage across public areas, entrances and extensive car parks, this creates a significant operational headache.

#The Reality of SARs and Video Footage

Value Retail doesn't get bombarded with SARs, but even a small increase was enough to expose the glaring inefficiencies in their old processes.

Most requests relate to incidents in car parks - minor incidents or insurance claims - rather than in-store events, which individual brands typically handle themselves.

When responding to SARs involving video, one critical rule applies: only the data subject (the person making the request) can be identifiable in the footage. Everyone else must be redacted. Why? Because those other people also have privacy rights under GDPR, and revealing their identities without legal justification would be a data breach.

This redaction requirement creates a significant challenge. In a busy retail environment, a single frame might contain dozens of people.

#Manual Processes and Substandard Redaction

Before adopting a specialised solution, Value Retail relied on manual redaction methods:

  • Extracting still images from video footage

  • Placing black boxes over faces or license plates

  • Editing clips using whatever tools they had to hand

It just about worked, but this approach was far from ideal.

As Yasmin Khan, Assistant Data Protection Manager, bluntly described it, it was "largely a botch job." The manual redaction process was time-consuming, inconsistent and vulnerable to human error.

Manual redaction doesn't scale, period. Even a slight increase in SARs can quickly overwhelm teams, especially when video editing is just one small piece of much broader data protection responsibilities.

#The Legal and Ethical Imperatives: Why Redaction Matters for Value Retail

#Personal Data in Video

Retailers today operate in a world dominated by strict data protection laws, particularly the General Data Protection Under GDPR, the definition of personal data is intentionally broad. Someone doesn't need to be named to be identifiable. A clear image of a face, a distinctive outfit, or a vehicle license plate can be enough.

This has serious implications for video footage:

  • Facial recognition isn't required for identification

  • Contextual clues (location, time, behaviour) can reveal identity

  • Third parties captured accidentally are still protected

Failing to redact such data when responding to a SAR can expose organisations to regulatory penalties and reputational damage.

#Privacy Rights and Fair Processing

People have a fundamental right to privacy. When they submit a SAR, they're exercising their right to understand how their data gets used. But this right must be balanced against everyone else's rights.

This is exactly why video redaction is essential. It ensures that:

  • The requester gets their data

  • Everyone else's privacy stays intact

  • The organisation remains compliant

#Chain of Custody and Legal Integrity

Another critical consideration is the chain of custody - the documented process that ensures evidence (including video) gets handled securely and remains unaltered except for necessary redaction.

In legal contexts, like court proceedings, the responsibility for redaction typically falls on the organisation disclosing the footage. If Value Retail provides video evidence to the police, lawyers or insurers, they must ensure that any irrelevant individuals are anonymised unless disclosure is legally justified.

This compliance responsibility can't be casually outsourced. It requires tools and processes that are both reliable and auditable.

#The Solution: Facit’s Identity Cloak

Yasmin Khan, who reports to Data Protection Officer Madeleine Bonvin, plays a central role in ensuring compliance across Value Retail's European operations. Her responsibilities span vendor assessments, risk analysis, GDPR Records of Processing Activities (RoPA) and policy reviews.

When the need for a dedicated redaction solution became obvious, Yasmin identified Facit's Identity Cloak as a strong candidate. The purchasing process followed a structured path:

1. Initial discovery and evaluation by the Data Protection team

2. Submission to IT for due diligence

3. Technical and security review of both company and product

This rigorous approach ensured that the chosen solution met operational and compliance requirements.

#How Facit offered Value Retail a Specialist Approach

The Limits of General Tools

  • Cost-effectiveness
    The software offered robust functionality at a price that matched the Group’s budget.

  • Live environment testing
    The ability to trial the solution in a real-world setting before purchase gave Witherslack confidence in the tool’s capabilities.

  • Comprehensive functionality
    Identity Cloak delivered all the features promised, from automated tracking to simple manual editing.

  • High-quality support
    Facit provided hands-on support and guidance throughout onboarding and implementation.

  • Regulatory confidence
    The solution ensured the Group could meet GDPR obligations with confidence, consistency and security.

Standard video editing software isn't designed for compliance. It lacks:

  • Automated detection of faces or license plates

  • Consistent anonymisation methods

  • Audit trails for regulatory scrutiny

In contrast, specialist tools like Identity Cloak are built specifically for privacy protection.

The Advantages of Identity Cloak

Precision and Flexibility

Yasmin Khan highlighted the value of the crop (zoom) function, which lets users focus on distant subjects. This is particularly important in large outdoor spaces like car parks, where individuals might appear tiny within the frame.

Customisable Redaction

The ability to apply custom-shaped blurs ensures that redaction actually works and looks coherent. Unlike crude black boxes, these tools allow for more precise anonymisation.

Ease of Use

Despite its sophistication, Identity Cloak is highly intuitive. Ease of use is crucial for teams who might only use the tool occasionally but need it to perform reliably when time is short.

Time Efficiency

Automating aspects of the redaction process dramatically reduces the time required to prepare footage for disclosure.

Results: Confidence, Compliance and Control

A Small Task, Done Properly

For Yasmin Khan, video redaction represents only a small part of her workload. Yet it's a critical one. As she puts it:

"Identity Cloak makes my life easier."

Even with a low volume of SARs, having the right tool in place provides peace of mind. It ensures that when requests do arise, they can be handled efficiently and correctly.

Operational Benefits

The introduction of Identity Cloak has delivered several measurable benefits:

  • Reduced manual effort and processing time

  • Improved consistency in redaction

  • Lower risk of compliance breaches

  • Enhanced confidence within the Data Protection team

Supporting the Reputation of Luxury Brands and Retail Parks

For Value Retail, reputation is everything. Luxury brands depend on environments that reflect exclusivity, trust and discretion. Any mistake in data protection - particularly involving customer imagery - could destroy that trust.

By adopting a reliable redaction solution, Value Retail reinforces its commitment to safeguarding customer privacy.

#Conclusion: Being Prepared Creates a Strategic Advantage

Value Retail's work with Facit illustrates a broader point about data protection: compliance isn't just about meeting legal requirements - it's about being prepared.

Even organisations with relatively low volumes of SARs must be ready to respond quickly, accurately and responsibly. Manual processes might work in the short term, but they rarely stand up to scrutiny or scale.

By adopting Identity Cloak, Value Retail has moved from a reactive, improvised approach to a proactive, structured one. The result is not only improved efficiency but also boosted confidence internally.

In a world in which privacy expectations continue to rise, confidence within the data protection team is invaluable.

#The Broader Context: Challenges in Retail and Facilities Management

#Retail: High Footfall, High Risk

Retail environments are uniquely challenging from a data protection perspective:

  • Massive volumes of visitors

  • Extensive CCTV coverage

  • Frequent incidents requiring review

According to industry reports, UK retailers lose billions annually to theft and fraud, which drives increased reliance on surveillance systems. Yet this reliance must be balanced with privacy obligations.

#Facilities Management: The Invisible Backbone

Facilities management teams, often responsible for CCTV infrastructure, face additional pressures:

  • Maintaining system uptime and coverage

  • Managing data storage and retention

  • Supporting investigations and disclosures

Facility Managers bridge security and compliance, often without dedicated tools for privacy management.

In this context, solutions like Identity Cloak become absolutely essential.

#A Note on "Weaponised" SARs

Interestingly, Value Retail has received only a small number of so-called "weaponised" SARs - requests used strategically by individuals in disputes. However, these tend not to involve video footage. Instead, they're more commonly linked to membership or customer service issues.

This highlights an important point: while SARs can be complex, not all require the same level of technical response. Having a flexible, scalable solution ensures that organisations can respond appropriately in each case.

Image of people shopping in a retail clothing store with rails of clothing around the store, fluorescent lighting and pot plants In different areas.

River Island

How River Island Achieved Video Compliance Excellence

Quality-First Decision Making: River Island Choses Identity Cloak

Identity Cloak isn’t just a piece of software, it’s essential in ensuring we meet our obligations to our customers, our staff and the law.

Jenny Jones, Pensions Administrator
Read Case Study
Black and white image of a ladies side profile with her head redacted, behind her is blurred with people in the back.

Supporting a major grocery retailer to complete every CCTV and bodycam footage request on time

This retailer wanted to simplify the video redaction process whilst also being GDPR compliant cost-efficient manner.

Read Case Study

Download the Value Retail case study

To download any of our case studies, complete the form below.

Related Case Studies

Multiple students walking in a school corridor wearing blue school uniforms.
Video Redaction

Chignecto Central Regional Centre for Education

Read Case Study
Black and white image of a ladies side profile with her head redacted, behind her is blurred with people in the back.
Video Redaction

Supporting a major grocery retailer to complete every CCTV and bodycam footage request on time

Read Case Study
Image of the Tate Britain building in London from a low angle view at the bottom of the steps with bright blue sunny skies.
Video Redaction

Tate Museum Boosts Security Response with Facit’s Identity Cloak Redaction Software

Read Case Study