The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The Information Commissioner’s Office (ICO) is urging police forces to build in data protection from the start when considering data analytics projects.

A toolkit designed to help the law enforcement sector comply with data protection law when using data analytics has been created by the ICO and is launched today.

The toolkit comes after the ICO undertook a project as part of its AI priority work to explore the use of data analytics in the law enforcement sector in order to develop an understanding of current activity.

Anthony Luhman, ICO Director, said:

“We want to help police forces get this right and our toolkit is designed to do that. We recognise data analytics is a new and complex area and this toolkit is just one of the ways the ICO is helping organisations as part of its AI priority work.

“Any innovation that relies on personal data must make the time to consider data protection – it’s the law but it’s also a vital step to gaining public trust and confidence in the technology and how you are using people’s data.”

Data analytics is the use of software to automatically discover patterns in data sets containing personal data and use them to make predictions, classifications, or risk scores. Data analytics can help forces analyse large volumes of police-held data to assess the risk of someone committing a crime or becoming a victim.

The ICO’s toolkit takes police staff through the data protection points they need to think about from the outset of any project their force is planning to undertake involving data analytics.

If a police force is considering using data analytics they should be thinking about data protection from the start, that means getting the force’s data protection officer involved early on and, with their help, conducting a data protection impact assessment.

The toolkit is available on the ICO website at

Notes to Editors

  1. The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act (DPA) 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
  3. Part 3 of the DPA 2018 applies to competent authorities (or their processors) processing for criminal law enforcement purposes. Processing for other general purposes such as HR will fall under the general processing regime in part 2 of the DPA 2018.
  4. This toolkit is designed for organisations processing under part 3. A separate toolkit for general processing under part 2 will be available early next year.
  5. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to