Introduction
We, as part of our statutory functions, can investigate and prosecute certain criminal offences. We are a competent authority for the purpose of Part 3 of the Data Protection Act 2018 (DPA 2018), which applies to the processing of personal data by such authorities for law enforcement purposes.
Part 3 of the DPA 2018 requires an appropriate policy document (APD) to be in place when undertaking sensitive processing of personal data for law enforcement purposes.
This document:
- outlines our sensitive processing for law enforcement purposes
- explains our procedures for securing compliance with the law enforcement data protection principles
- explains our policies regarding the retention and erasure of personal data processed for law enforcement purposes
This appropriate policy document satisfies the requirements of Part 3 of the DPA 2018.
This document should be read alongside our data protection policy.
Law enforcement purposes are defined at Section 31 of the DPA 2018 as the:
- prevention, investigation, detection, or prosecution of criminal offences
- execution of criminal penalties; and
- safeguarding against and the prevention of threats to public safety
Sensitive processing is defined at Part 3, section 35(8) of the DPA 2018 as:
- the processing of personal data revealing:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- the processing of genetic data, or of biometric data, for the purpose of uniquely identifying an individual
- the processing of data concerning health; and
- the processing of data concerning an individual’s sex life or sexual orientation
Scope
This policy applies to:
- all processing of personal data for law enforcement purposes
- any individual processing personal data held by the council for law enforcement purposes