Which legal framework will my organisation be processing under?

Section 30 of the DPA defines what a ‘competent authority’ is for the purposes of the Act. Schedule 7 of the Data Protection Act 2018 contains a list of competent authorities.

If you are not listed in Schedule 7, you may still be a competent authority if you have a legal power to process personal data for criminal law enforcement purposes. For example, local authorities who prosecute trading standards offences or the Environment Agency when prosecuting environmental offences.