Skip to main content

Data protection legislation requires that the Police Service of Northern Ireland is open and transparent in relation to how we use personal data and that anyone processing personal data complies with six data protection principles of good practice. Please also refer to our Adult Privacy Notice and Children's Privacy Notice for more information about how we process personal data.

The use and disclosure of personal data is governed in the United Kingdom by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Where we are processing information for law enforcement purposes we must comply with Part 3 of the Data Protection Act. Personal data processed for all other purposes will be done so in line with GDPR.

The Chief Constable of the Police Service of Northern Ireland is registered with the Information Commissioner as a data controller for the purposes of this legislation. As such he is obliged to ensure that the Police Service of Northern Ireland handles all personal data in accordance with the legislation. We take that responsibility very seriously and take great care to ensure that personal data is handled appropriately to secure and maintain individuals' trust and confidence in the service.

What is personal data?

This is defined as information relating to an 'identifiable nature person' who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data protection principles

We must comply with these principles when processing personal data, unless an exemption from them applies.

Law enforcement processing

  1. Processing of personal data for any law enforcement purposes must be lawful.
  2. The law enforcement purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and personal data collected must not be processed in a manner that is incompatible with the purpose for which it was originally intended.
  3. Personal data processed for any of the law enforcement purposes must be adequate, relevant and not excessive in relation to the purpose for which is processed.
  4. Personal data processed for any of the law enforcement purposes must be accurate and where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the law enforcement purpose for which it is processed, is erased or rectified without delay.
  5. Personal data processed for any of the law enforcement purposes must be kept for no longer than is necessary for the purposes for which it is processed. Appropriate time limits must be established for the periodic review of the need for the continued storage of personal data for any of the law enforcement purposes.
  6. Personal data processed for any of the law enforcement purposes must be processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures.

All other types of processing

Personal data must be:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals.
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. accurate and, where necessary, kept up to date - every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  5. kept in a form which permits identification or data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Obtaining information under data protection legislation, including individuals' rights

To prevent or detect crime

It is often the case that to prevent or detect crime or to locate an offender we must obtain information from another organisation or share information with them. The legislation allows us to both request and disclose this type of information, lawfully. When we request information from another organisation we must complete a form and send it to the organisation, which may hold the information.

Individuals' rights

Individuals have a number of rights under the data protection legislation:

  • Subject access 
  • Right to rectification, erasure, restriction, and data portability, the right to object, and the right not to be subject to automated processing