Nearly half of surveyed large and small retail organizations in the U.K. have been fined for violating General Data Protection Regulation (GDPR) video surveillance legislations.

Investigators determined that retailers are failing to protect user and employee privacy in video footage, according to a nationwide survey of retailers released by Secure Redact and conducted by Censuswide. The survey asked 500 British retailers a range of questions relating to in-store use of video surveillance technology, the visual data privacy of customers and GDPR violations.

According to the study, 43% of brands surveyed reported they had been fined for a violation of video surveillance GDPR legislation. Of these retailers, 37% reported paying an equivalent of 2% of their annual turnover, 30% said the fine amounted to 3% of annual turnover, and 15% said the fine was 45% of annual turnover. A staggering 33% of those fined had to close stores as a result of enforcement action.

U.K. retailers surveyed intend to expand video surveillance technology use, such as wireless CCTV, facial recognition technology, queue monitoring or body cameras in-store. Ninety-four percent of survey respondents already use at least one of these technologies, and all said they intend to use them more in future. However, improper use, storage and handling of video surveillance comes with significant financial and reputational liabilities for brands across the U.K. and beyond.

For more survey findings, click here.