Appropriate policy document - law enforcement processing

Compliance procedures

To maintain accountability we will:

appoint a data protection officer who reports to our highest management level
take a 'data protection by design and default' approach to our activities
keep records of our processing activities
ensure contracts are in place with third parties processing personal data for law enforcement purposes on our behalf
ensure robust security measures are in place
conduct data protection impact assessments for high-risk processing activities

To ensure sensitive processing is undertaken lawfully and fairly, we will:

only carry out sensitive processing when it is strictly necessary for law enforcement purposes
ensure sensitive processing is carried out with consent or under a Schedule 8 condition

To limit the processing personal data collected for law enforcement purposes we will:

only use personal data for non-law enforcement purposes where permitted by law
only share personal data with other organisations if they are legally permitted to use it

To minimise the personal data we process for law enforcement purposes we will:

collect only the personal data necessary for the relevant law enforcement purpose
erase data that is irrelevant to our purposes

To ensure that we process accurate personal data, we will:

ensure personal data is accurate and up to date where needed
be careful to maintain accuracy of personal data
differentiate data based upon facts from data based on opinions
where possible, separate data by categories that identify individuals as suspects, convicted offenders, victims and witnesses
take steps to prevent inaccurate or outdated data from being used
keep records of decisions to share personal data for law enforcement purposes

To ensure that we don’t hold personal data for longer than we need to, we will:

To maintain the confidentiality and integrity of personal data process for law enforcement purposes, we will: