This page provides advice and information about information rights obligations to those working in the criminal justice sector. It is particularly relevant to the police and others working within law enforcement.

Special category data

This guidance discusses special category data in detail. Read it if you have detailed questions not answered in the Guide to the GDPR, or if you need a deeper understanding of the conditions for processing special category data to help you comply in practice. It is aimed at DPOs and those with specific data protection responsibilities in larger organisations.

Paying the data protection fee

On 1 April 2019, the rules around paying the data protection fee changed. Members of the House of Lords, elected representatives and prospective representatives (including police and crime commissioners) are exempt from paying a fee, unless they process personal data for purposes other than the exercise of their functions as a Member of the House of Lords, an elected representative or as a prospective representative. For more information, read our guidance on the data protection fee.

Processing gangs information: a checklist for police forces

The ICO recently issued an Enforcement Notice to the Metropolitan Police Service (MPS) in relation to their Gangs Matrix, after we found it breached data protection laws. You can read a blog about it. The ICO is also investigating how information about gangs is used by other public authorities.

This checklist has been created specifically for police forces who might be using, or considering using, a Gangs Matrix, or similar system. Please note that the checklist will help you to assess compliance with data protection law, and is a guide – not a guarantee of compliance.

Law enforcement processing under the Data Protection Act webinar

We will be hosting a webinar looking at law enforcement processing under the Data Protection Act at 11am on Monday 17 September, find out more details here.


Our team often receives enquiries about surveillance technology including body worn video, ANPR and unmanned aerial systems. Advice about these technologies is provided in the updated version of the CCTV code of practice. The code sets out the Information Commissioner’s recommendations on how organisations can process personal data within the legal requirements of the Data Protection Act when using these technologies.

The Home Office has published detailed guidance for police forces about the use of body worn video (BWV), which takes into account the management of personal data obtained by the cameras.

Guidance about data protection concerns and BWV was also produced by The College of Policing in August 2014.

 You may also be interested in reading our guide on the responsible recreational use of drones – also called unmanned aerial systems (UAS) or unmanned aerial vehicles (UAVs).

We liaise with the Surveillance Camera Commissioner where appropriate. The Surveillance Camera Commissioner has also produced a code of practice. 

There is more information available about the role of the Surveillance Camera Commissioner and the tools available to help with compliance.


Data Controllers must ensure that they take appropriate technical and organisational measures against unlawful or unauthorised processing, accidental loss, destruction or damage to personal data.  Some of the ICO’s largest civil monetary penalties have been served on data controllers in the police, justice and borders sectors. This frequently occurs where insufficient safeguards have been in place for handling sensitive personal data. Here you will find advice on security measures safeguarding cloud computing and privacy impact assessments.

Further reading