Use of Personal data for Legal enforcement purposesAre you and partner organisations compliant to the new Data Protection legislation?
New requirements under Part 3 of the Data Protection Act 2018 outline new principles for the processing of personal data for legal enforcement purposes. Part 3 also subsumes into UK law the EU Law Enforcement Directive (LED). You will also need to consider if your organisation is a competent organisation or has a statutory duty it can rely upon.
Information such as CCTV footage will be commonly used and shared for legal enforcement purposes. Your organisation will need to meet these new principles and have a policy and procedures in place to ensure that only appropriate information is safely and securely provided for the purposes of law enforcement.
A Data Privacy Impact Assessment (DPIA) will be important to undertake from the outset of the processing and must be updated when changes are made to your technologies or processes. A good example of this could be the introduction the use of body worn cameras.
The General Data Protection Regulation (GDPR) also needs to be considered as more than likely the personal data will be considered as sensitive due to the impact on the individual of the processing.
You will need to be clear what your processing and why, it’s lawfulness and that personal shared is proportionate to that request and that the recipient organisations inform you immediately of any issues. Keeping your privacy statements and Record of Processing Activities (ROPA) uptodate will be important to maintaining compliance.
The surveillance Commissioners Code of Practice will also need to be considered which supports best practice in the area of CCTV control rooms and the processing and sharing of CCTV footage which identifies a person.
Find out more about the tools developed to assist your understanding of what you need to do and overall compliance