Organisations with a role in preventing and detecting crime (e.g. councils, police, regulatory bodies etc.) not only have to comply with GDPR but also Part 3 of the Data Protection Act 2018 (DPA 2018) which applies to the processing of personal data for law enforcement purposes. This is a complex task requiring, amongst other things, a set of policies, procedures and notices; a daunting task especially for organisations “starting from scratch”.
Act Now has applied its 16 years of information governance experience to create a policy pack containing essential document templates to help you meet the requirements of the DPA 2018. It will save you hours of drafting and research time. The pack includes, amongst other things, template privacy notices as well as procedures for data security and data breach reporting. Security is a very hot topic after the recent ICO fine notices issued against British Airways and Marriott International.
We have also included template letters to deal with Data Subjects’ rights requests, including subject access. This is another hot topic. On 25thJune 2019, Enforcement Notices (under Part 3 of the DPA) were served by the ICO on the Metropolitan Police, for sustained failures to comply with individuals’ rights in respect of subject access requests.
- Data Protection Policy – providing an overarching framework for compliant processing of personal data for law enforcement purposes as required under s56 DPA 2018
- Sensitive Data Processing Policy – as required under s42 of DPA 2018
- Data breach reporting
- Data Protection Impact Assessment template
- Data Subject rights request response templates
- System requirements specification – Summary of requirements to meet the audit and record keeping requirements of Part 3 of DPA 2018
- International transfers
Privacy Notice templates
- General (for publication)
- Specific (for tailoring privacy information to particular individuals as required by s 44(2) of DPA 2018)
Records and Tracking logs
- Information Asset Register
- Record of Processing Activity (s 61)
- Record of Sensitive Data processing
- Data Subject Rights request tracker
- Information security incident log
- Personal data breach log
- Third country transfer logs
- Data protection advice log
The above documents are inter-related and contain cross references, particularly across the various tracker logs.
The documents are designed to be as simple as possible while meeting the statutory requirements placed on Data Controllers. They are available as an instant download (in Word Format) following payment. Sequential files and names make locating each document very easy.
Click here to read sample documents.
For only £249 plus VAT (Special Introductory Price), the policy pack gives a useful starting point for organisations of all sizes who have a law enforcement function and will save hours of drafting time and research time.
This LED processing policy pack complements the Act Now GDPR Policy Pack which covers the general processing of personal data. The GDPR policy pack has been bought by public and private organisations including local authorities, utility companies, universities and charities