Quickly exit this site by pressing the Escape key Leave this site
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
Part 3 of the Data Protection Act 2018 transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK Law and sets out the requirements for the processing of personal data for criminal ‘law enforcement purposes’ (LEP).
Law enforcement purposes include processing for the prevention, investigation, detection or prosecution of criminal offences, or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Any processing which is carried out for a primary purpose, other than a law enforcement purpose, will be covered by the Part 2 of the DPA 2018 under the general processing regime. For example, this may include internal HR processes and procedures.
In the context of law enforcement, the personal data we are processing will often be sensitive. When it is, we must be able to demonstrate that the processing is strictly necessary and satisfy one of the conditions in Schedule 8 of the DPA 2018 or is based on consent.
Whose personal data we process for law enforcement purposes
In order to carry out the purposes described above, Northamptonshire Police may obtain, use and disclose personal information relating to a wide variety of individuals including but not limited to;
Types of personal information we process for law enforcement purposes
In order to carry out our statutory responsibility we will process varying types of personal data, this includes;
We will use only the minimum amount of personal information necessary to fulfil a particular purpose or purposes. Personal information can be held on a computer, in a paper record such as a file or images, but it can also include genetic and biometric data as well as other types of electronically held information such as body worn or CCTV images.
Where we get personal information from
The data we process for law enforcement purposes come from a wide variety of sources, including;
There may be times where we obtain personal information from sources such as other police services and our own police systems such as our local information system.
How we handle personal information
We handle personal information according to the requirements of Part 3 of the new Data Protection Act 2018. Your personal information held on our systems and in our files is secure and is accessed on a need to know basis by our staff, police officers, or data processors working on our behalf.
We will ensure that your personal information is handled fairly and lawfully with appropriate justification. We will only use your information for lawful purposes and in connection with our requirement to uphold the law, prevent crime, bring offenders to justice, and protect the public.
We will strive to ensure that any personal information used by us or on our behalf is compliant in terms of accuracy, relevance, and adequacy and will not be excessive. We will attempt to keep it as up to date as possible and will protect your data from unauthorised access or loss.
We will review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose then your data will be securely destroyed.
Who we share personal information with
To enable Northamptonshire Police to meet their statutory duty, we may be required to share your data with other organisations that process data for a law enforcement purpose, in the UK and/or overseas, or in order to keep people safe. These organisations include;
We are also required to share law enforcement data for another purpose where an exemption applies or the organisation demonstrates there is a lawful basis for doing so. These organisations include, but are not limited to;
Disclosure of personal information will be considered on a case-by-case basis, to ensure that only personal information appropriate for the identified purpose and circumstances is disclosed, with necessary controls in place.
Some of the bodies or individuals to which we may disclose personal information are situated outside of the European Union - some of which do not have laws that protect data protection rights as extensively as in the United Kingdom. If we do transfer personal data to such territories, we undertake to ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the legislation.
How long personal information is kept
Northamptonshire Police holds your personal information as long as is necessary for the particular purpose or purposes for which it is processed. Personal information which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the Retention Guidelines for Nominal Records on the Police National Computer.
Other records that contain your personal information and are processed for law enforcement purposes are retained in accordance with the College of Policing guidance on the Management of Police Information (MoPI) and the National Police Chief’s Council Retention Schedule.
Processing personal data
Law enforcement processing
Your data rights
Body Worn Video privacy notice
CCTV privacy notice
Complain to the Information Commissioner