This manual has been produced by the NPCC Data Protection, Freedom of Information, information Sharing and Disclosure Portfolio Group on behalf of the NPCC. It is updated and adapted to reflect decisions made by the NPCC, views of the Information Commissioner’s Office (ICO) (where appropriate) and the evolution of the legislation as it is interpreted, challenged or reviewed.

Note that this manual has not yet been updated to reflect the legislative changes arising from The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) Regulations 2019 as amended by The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) Regulations 2020.

The manual should be regarded as a document that both helps to create an environment across the police service in which compliance can be achieved, and as a means of providing guidance in areas of police business where the Act is regularly applied.

The manual contains a wide variety of information including:

• Breakdown of governance and responsibilities
• Definitions
• General processing (GDPR & DPA Part 2)
• Comparison between General Processing and Law Enforcement obligations
• Law Enforcement processing (Part 3 of DPA)
• Intelligence Service processing (Part 4 of DPA)
• Assessing data protection compliance
• The Commisioner, enforcement & offences
• Case studies
• Wide variety of appendices including
  • Template DPIA
  • Template National data processing contract
  • Template information sharing agreement
  • Template Data Protection policy