Skip to main content
Hafan

Logging for law enforcement purposes

Contents

Latest updates - 04 November 2025

04 November 2025  - We have updated this section of the guidance to reflect amendments from the Data (Use and Access) Act. 

Logging for law enforcement purposes

This guidance discusses logging under Part 3 of the Data Protection Act 2018 (DPA 2018) in detail. It is aimed at ‘competent authorities’ who process personal information for any of the law enforcement purposes. In particular, Data Protection Officers (DPOs) and those with specific data protection responsibilities in the context of law enforcement processing.

To help you understand the law and good practice as clearly as possible, this guidance says what organisations must, should, and could do to comply.

Legislative requirements

Must refers to:

  • legislative requirements within the ICO’s remit; or
  • established case law (for the laws that we regulate) that is binding.

Good practice

Should does not refer to a legislative requirement, but what we expect you to do to comply effectively with the law. We expect you to do this unless there is a good reason not to. If you choose to take a different approach, you must be able to demonstrate that this approach also complies with the law.

Could refers to an option or example that you could consider to help you to comply effectively. There are likely to be various other ways you could comply.

This approach only applies where indicated in our guidance. We will update other guidance in due course.

At a glance

When you use personal information and operate automated processing systems (any IT database) for law enforcement purposes, you must keep logs for at least the following actions:

  • collection
  • alteration
  • consultation
  • disclosure (including transfers)
  • combination
  • erasure

Logs act as digital footprints and automatically record the actions of users in automated processing systems.

Logging is an internal accountability mechanism and provides a record of how somebody has used personal information within a system.

You could use these logs to help you identify violations of your acceptable use policy or investigate any inappropriate access to, or disclosure of, information, or both.

Checklist

We maintain logs in our automated systems.

 We maintain logs in a format that can be easily understood, so we can retrieve and disclose logged information if needed for audit or investigation purposes.

 We only use our logs:

  • to verify the lawfulness of processing; 
  • to assist with self-monitoring, including internal disciplinary proceedings; 
  • to ensure the integrity and security of personal information; or 
  • for the purposes of criminal proceedings.

 We can provide copies of logs that are easy to understand to an internal investigator or the ICO on request.