Skip to main content
Home

Law Enforcement

On this page you’ll find guidance and information to support your law enforcement processing, if you are a competent authority (or their processors).

Brief guidance

Guide to Law Enforcement Processing

Guide to what you need to know to comply with Part 3 of the Data Protection Act 2018 (DPA 2018). It explains the requirements for controllers and processors, and also covers the additional rules for sensitive processing (including genetic and biometric data).

Detailed guidance

The Right of Access – Part 3 of the DPA 2018

How to recognise and respond to subject access requests (SARs) for information processed for law enforcement purposes. This guidance also explains when you may restrict the right of access and what to consider when acting as joint controllers.

Our opinion

The use of live facial recognition technology by law enforcement in public places

If you’re planning to use FRT in public spaces, this Opinion looks at the ICO’s regulatory responsibility in this area.

Who’s under investigation? The processing of victims’ personal data in rape and serious sexual offence investigations

This report explains how the police and legal system should use victims’ personal data in compliance with data protection laws.

In your sector

Necessity and proportionality: questions police must ask when considering sharing personal information with the public - blog from the Deputy Commissioner 

Blog to help the police to understand their legal requirements when thinking about sharing personal data.

Resources

Toolkit for organisations considering using data analytics

If you are using software to analyse data, this toolkit will help you recognise the potential risks to the rights and freedoms of processing data in this way.

Toolkit for law enforcement authorities who want to share information

Use this toolkit to help you decide whether you should share personal information.

Live Facial Recognition Technology - Data Protection Reminders

A checklist of things to think about when you want to use live FRT

ICO training video:  Data Protection Act 2018 (Part 3)

ICO training for controllers and processors who process personal data.

Case studies

Real world examples and case studies

Action we've taken

ICO investigation into mobile phone data extraction by police in the UK

This investigation looks at the data protection rules around processing data taken from mobile phones, and how to comply with the law.

External guidance

Was this page helpful? (optional)