Report Summary
Issued 30 June 2023, this FOI response provides Data Protection and GDPR information.
Note: Attachments have not been uploaded with this response due to the number and file size. These can be requested by contacting FOI@spa.police.uk
Request
- A copy of your organisation's Records of Processing Activity (ROPA) as defined in Article 30 of the UK General Data Protection Regulation (UK GDPR)
- A copy of all legitimate interest assessments conducted by your organisation where you rely on Article 6(1)(f) legitimate interests as your lawful basis for processing.
- A copy of all privacy impact assessments conducted by your organisation.
- A copy of all data protection impact assessments conducted by your organisation.
- A copy of all international transfer risk assessments conducted by your organisation.
- A recent copy of your organisation's data protection compliance assessment using the Information Commissioner's Office (ICO)'s accountability framework template. If you are using your own standards to monitor compliance with the Data Protection 2018, please provide me with copy of it.
- A copy of your organization's data protection policy.
- A copy of your organization's subject access request policy, procedures, and processes, including any guidance material such as folder structure, naming conventions, and redaction guides.
- A copy of your organisation's privacy notices, including but not limited to employees, customers, ministers, special advisors (SPADs), complaints, NEDS, visitors, and CCTV.
- A copy of your organisation's due diligence questions for vendor management such as independent data controllers or processors.