Data protection legislation

The Data Protection legislation consists of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The General Data Protection Regulation provides provisions for general processing and the Data Protection Act 2018 provides provisions for general processing, law enforcement processing and intelligence service processing.

The Data Protection legislation affords individuals with rights in relation to their personal data, which are:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making including profiling

The Data Protection legislation sets out principles that Controllers must be comply with when processing personal data. They state personal data should be:

  • Processed lawfully and fairly
  • Collected for specified, explicit and legitimate purposes and must not be processed in a manner that is incompatible with the purpose it was originally collected
  • Adequate, relevant and limited to what is necessary
  • Accurate and where necessary kept up to date, any inaccuracies should be erased or rectified without delay
  • Kept no longer than necessary with appropriate time limits established to enable review of retention periods
  • Must be processed in a manner that ensures appropriate security to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage

For more information on how the Constabulary process personal data in line with the Data Protection legislation, please see our Information Charter.

You can also visit the Information Commissioner’s website and the College of Policing’s website for more information.