Data Protection Compliance
Dear Sir/Madam,
I am writing to make a formal request for information under the provisions of the Freedom of Information Act 2000. I kindly request that you provide me with the following information:
1. A copy of your organisation's Records of Processing Activity (ROPA) as defined in Article 30 of the UK General Data Protection Regulation (UK GDPR).
2. A copy of all legitimate interest assessments conducted by your organisation where you rely on Article 6(1)(f) legitimate interests as your lawful basis for processing.
3. A copy of all privacy impact assessments conducted by your organisation.
4. A copy of all data protection impact assessments conducted by your organisation.
5. A copy of all international transfer risk assessments conducted by your organisation.
6. A recent copy of your organisation's data protection compliance assessment using the Information Commissioner's Office (ICO)'s accountability framework template. If you are using your own standards to monitor compliance with the Data Protection 2018, please provide me with a copy of it.
7. A copy of your organization's data protection policy.
8. A copy of your organization's subject access request policy, procedures, and processes, including any guidance material such as folder structure, naming conventions, and redaction guides.
9. A copy of your organisation's privacy notices, including but not limited to employees, customers, ministers, special advisors (SPADs), complaints, NEDS, visitors, and CCTV.
10. A copy of your organisation's due diligence questions for vendor management such as independent data controllers or processors.
I understand that under the Freedom of Information Act, you are required to respond within 20 working days. To stay within section 12 - cost limits, I suggest asking your Data Protection Officer for the information. If this is not possible, I suggest a search of your compliance platform and your Microsoft estate for the following search terms (not case sensitive):
1. "records of processing activity" OR "ropa"
2. "legitimate interest assessment" OR "LIA"
3. "privacy impact assessment" OR "privacy impact assessments" OR "PIA"
4. "data protection impact assessment" OR "DPIA"
5. "transfer risk assessment" AND "personal data"
6. "accountability framework"
I would prefer to receive the requested information in electronic format via email.
Should you require any clarification or further details in order to process this request, please do not hesitate to contact me. I would be grateful if you could confirm receipt of this request and provide a reference number for future correspondence.
Thank you for your attention to this matter. I look forward to receiving the requested information within the statutory timeframe.
Yours faithfully,
Jay Bhanji
Thank you for your email to the Association of Police and Crime
Commissioners (APCC). Please accept this email as an acknowledgement of
receipt.
The APCC is the national membership body for Police and Crime
Commissioners (PCCs), and other local policing bodies across England and
Wales. We help PCCs to provide national leadership and influence change in
the policing and criminal justice landscape.
We are unable to respond to your email if it relates to:
• Reports of crime
To report a crime, please contact your local police force, or dial 101 if
you do not require an emergency response. You should always call 999 in an
emergency.
• Suggestions or complaints about how your local area is policed
To make a suggestion or a complaint about how your local area is policed,
please contact your local PCC/police governance body. You can find your
local PCC [1]here.
• Complaints regarding police officers or staff
If you would like to make a complaint about either police officers or
staff working for a police force, then please visit the Independent Office
For Police Conduct [2]website for more information.
• Complaints about PCCs and other police governance bodies
To do this, please contact the Police & Crime Panel for your area.
Information on this will be provided by your local council.
If we are otherwise able to respond to your enquiry, we will endeavour to
get back to you within 20 working days.
The APCC is a transparent organisation and complies with the new Data
Protection Regulations. More information about the sort of personal data
we hold, our purpose and lawful basis for doing so and who we share
personal information with can be found in our privacy statement here. The
GDPR gives you rights about what happens to your personal data and you
have the right to object to us processing your personal information.
Information on how to do this is included in our [3]privacy statement.
References
Visible links
1. http://www.apccs.police.uk/find-your-pcc/
2. https://www.policeconduct.gov.uk/
3. https://www.apccs.police.uk/privacy-and-...