Personal Data is any source of information from which a living person can be identified. This includes name and address details, camera footage, telephone numbers etc.
Any person or company that processes data is bound under the General Data Protection Regulation.
NES are the data processor and the local authority act as the data controller.
The data processor is the company or person that processes the data on behalf of a data controller.
GDPR in simple terms is the regulation that establishes the rules on how companies and others can process personal data within the EU. The aim of GDPR is to strengthen laws on how companies use people’s data and reduce breaches from happening.
The GDPR sets out principles for the lawful processing of personal data. Processing includes the collection, organisation, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure or destruction of personal data.
Lawfulness, fairness and transparency
Integrity and confidentiality (security)
Subject Access Rights
Members of the public may have a right to view their own personal data held by NES under Article 15 of the Regulations. Any such queries should be made in writing to NES Management.
Right to Process Personal Data
Most queries you may receive will relate to your right to film, record and document personal details. All of which constitute Personal Data. You may have an individual claim you have no right to record them, Article 6 (e) grants you the legal right to process data because you are performing a task in the public interest and with official authority. It is very common now for people to film you whilst enforcing. Generally, GDPR does not apply as this has no connection to a commercial or professional activity, however there are occasions when it could be. (Group Discussion).
Whilst the public can film you, you may wish to remind them that posting on line may be an offence under Article 8 of the Human Rights Act which guarantees you the right to privacy. It unlikely you would ever pursue this but it may make people think about the possible implications of posting footage.
Consequences of a data breach
There are tough penalties for those companies and organizations who don't comply with GDPR fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater
What can we do to safeguard people’s data?
· Stay current on encryption practices. We use encrypted body cameras and also EDAs. Laptops and all other equipment should be password protected.
· Limit access to customer information. We limit access to our back-office system and have purposely based administrators in a central location. All data must always be safe. If any documents have an offender’s details on they must be kept in a locked office and disposed of correctly, shredded or confidential waste bins. Data should not be shared with other people outside of the organisation.
· Collect only what is necessary. We only ask for information essential to what we need. Name, address and DOB. Body camera footage is also considered data.
· Consider destroying data after you’ve used It. We delete all footage 31 days after, paid, prosecuted or written off. Data used in a prosecution or FPN will be kept for a period of 6 years.
· Make customer privacy everyone’s business. Do not share personal data or use personal equipment to store personal data of offenders.
· Make sure personal details cannot be overheard during enforcement
· Ensure any FPNS or notes that are printed are destroyed