An audit trail is the tamper-resistant log of who did what in a surveillance system — who viewed which camera, who searched for whom, who exported a clip, who changed a setting, and when. It is what turns access from invisible to accountable: without it, a system that holds sensitive footage has no way to show whether that footage was used properly or abused, and no way to detect an insider misusing their access.
It is both a security control and a legal expectation. GDPR's accountability principle (Article 5(2)) requires an operator to be able to demonstrate compliance, and an audit trail is a primary way to show that access was appropriate and to investigate when it was not — the difference between knowing an officer looked up an ex-partner's footage and having no idea. Good audit logging records views, searches, exports, configuration changes, and failed access attempts, and protects the log itself from edits by the people it monitors.
The pitfall is logging that is incomplete, unprotected, or never reviewed. A trail that captures logins but not who watched which footage misses the abuse that matters; a log an administrator can quietly edit cannot be trusted as evidence; and a log no one ever looks at deters no one and catches nothing. Audit data is also itself sensitive and subject to retention rules. Log the meaningful actions (especially viewing and export), protect the log from tampering, review it for anomalies, and retain it appropriately — accountability only works if the record is complete, trustworthy, and actually used. This is engineering guidance, not legal advice.
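One way to make the log tamper-evident is to chain entries with a keyed MAC, so an in-place edit, a removed entry, or a cut-off tail all show up on verification. This is an added example, not code from any particular surveillance product. It assumes the MAC key and the latest chain head are held by a separate logging service that the monitored operators and administrators cannot reach; the field names, users, and camera identifiers are constructed.

```python
import hashlib
import hmac
import json

ACTIONS = {"view", "search", "export", "config_change", "failed_access"}
FIELDS = ("seq", "ts", "user", "action", "target")
GENESIS = "0" * 64  # constructed start value for the chain


def _mac(key, prev, body):
    # Canonical JSON so an entry always serialises to the same bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + data, hashlib.sha256).hexdigest()


def append(log, key, ts, user, action, target):
    """Append one entry whose MAC covers its fields and the previous MAC."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    body = dict(zip(FIELDS, (len(log), ts, user, action, target)))
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**body, "prev": prev, "mac": _mac(key, prev, body)})
    return log[-1]["mac"]  # new chain head, to be stored outside the log


def verify(log, key, head=None):
    """Return index of first bad entry, len(log) if the tail was cut, else None."""
    prev = GENESIS
    for i, e in enumerate(log):
        body = {f: e[f] for f in FIELDS}
        ok = e["seq"] == i and e["prev"] == prev
        if not (ok and hmac.compare_digest(e["mac"], _mac(key, prev, body))):
            return i
        prev = e["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(log)  # entries were removed from the end
    return None


def sample_log(key):
    # Constructed sample events; users, cameras and times are made up.
    log, head = [], GENESIS
    for row in [
        ("2024-05-01T09:00:00Z", "op_17", "search", "plate:EXAMPLE1"),
        ("2024-05-01T09:02:10Z", "op_17", "view", "cam-12"),
        ("2024-05-01T09:05:42Z", "op_17", "export", "cam-12/clip-0001"),
        ("2024-05-01T09:30:00Z", "admin_2", "config_change", "retention_days"),
    ]:
        head = append(log, key, *row)
    return log, head
```

Without the externally stored head, a log whose last entries were dropped still verifies, which is why the head has to live somewhere the log's subjects cannot write.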

