Menu

Police Federation

  • X
  • Facebook
  • LinkedIn
  1. Police Federation
  2. Resources
  3. Access to information
  4. Disclosure Log
  5. FOI 00322 - Data Protection Compliance

FOI 00322 - Data Protection Compliance


Request:

Received: 15 June 2023

I am writing to make a formal request for information under the provisions of the Freedom of Information Act 2000. I kindly request that you provide me with the following information:

 

1. A copy of your organisation's Records of Processing Activity (ROPA) as defined in Article 30 of the UK General Data Protection Regulation (UK GDPR).

 

2. A copy of all legitimate interest assessments conducted by your organisation where you rely on Article 6(1)(f) legitimate interests as your lawful basis for processing.

 

3. A copy of all privacy impact assessments conducted by your organisation.

 

4. A copy of all data protection impact assessments conducted by your organisation.

 

5. A copy of all international transfer risk assessments conducted by your organisation.

 

6. A recent copy of your organisation's data protection compliance assessment using the Information Commissioner's Office (ICO)'s accountability framework template. If you are using your own standards to monitor compliance with the Data Protection 2018, please provide me with copy  of it.

 

7. A copy of your organization's data protection policy.

 

8. A copy of your organization's subject access request policy, procedures, and processes, including any guidance material such as folder structure, naming conventions, and redaction guides.

 

9. A copy of your organisation's privacy notices, including but not limited to employees, customers, ministers, special advisors (SPADs), complaints, NEDS, visitors, and CCTV.

 

10. A copy of your organisation's due diligence questions for vendor management such as independent data controllers or processors.

 

I understand that under the Freedom of Information Act, you are required to respond within 20 working days. To stay within section 12 - cost limits, I suggest asking your Data Protection Officer for the information. If this is not possible, I suggest a search of your compliance platform and your Microsoft estate for the following search terms (not case sensetive):

 

1. "records of processing activity" OR "ropa"

2. "legitimate interest assessment" OR "LIA"

3. "privacy impact assessment" OR "privacy impact assessments" OR "PIA"

4. "data protection impact assessment" OR "DPIA"

5. "transfer risk assessment" AND "personal data"

6.  "accountability framework"


Response:

Responded: 8 September 2023

Following a request by the PFEW for some clarifications, this request was subsequently closed due to non response from the requester.

X

Follow us @PFEW_HQ for our latest updates

Magazine

Read the latest edition of POLICE magazine

Reps

The Hub may not be available for some users

Discounts

Find all the latest member discounts and services
We use cookies on this website, you can read about them here To use the website as intended please... ACCEPT COOKIES