On this page you’ll find guidance and information to support your law enforcement processing, if you are a competent authority (or their processors).
Brief guidance
Guide to Law Enforcement Processing
Guide to what you need to know to comply with Part 3 of the Data Protection Act 2018 (DPA 2018). It explains the requirements for controllers and processors, and also covers the additional rules for sensitive processing (including genetic and biometric data).
Detailed guidance
The Right of Access – Part 3 of the DPA 2018
How to recognise and respond to subject access requests (SARs) for information processed for law enforcement purposes. This guidance also explains when you may restrict the right of access and what to consider when acting as joint controllers.
Our opinion
The use of live facial recognition technology by law enforcement in public places
If you’re planning to use FRT in public spaces, this Opinion looks at the ICO’s regulatory responsibility in this area.
Who’s under investigation? The processing of victims’ personal data in rape and serious sexual offence investigations
This report explains how the police and legal system should use victims’ personal data in compliance with data protection laws.
In your sector
Necessity and proportionality: questions police must ask when considering sharing personal information with the public - blog from the Deputy Commissioner
Blog to help the police to understand their legal requirements when thinking about sharing personal data.
Resources
Toolkit for organisations considering using data analytics
If you are using software to analyse data, this toolkit will help you recognise the potential risks to the rights and freedoms of processing data in this way.
Toolkit for law enforcement authorities who want to share information
Use this toolkit to help you decide whether you should share personal information.
Live Facial Recognition Technology - Data Protection Reminders
A checklist of things to think about when you want to use live FRT
ICO training video: Data Protection Act 2018 (Part 3)
ICO training for controllers and processors who process personal data.
Case studies
Real world examples and case studies
Action we've taken
ICO investigation into mobile phone data extraction by police in the UK
This investigation looks at the data protection rules around processing data taken from mobile phones, and how to comply with the law.
External guidance
- Biometrics and Surveillance Camera Commissioner
- NPCC Body-Worn Video Guidance 2023
- College of Policing: Police information and records management Code of Practice
- College of Policing: Review, retention and disposal