Sharing Personal Data with the Police

by | Apr 23, 2025 | Uncategorized

Sharing Personal Data with the Police

One of the most common questions we get asked concerns sharing data with law enforcement offices. The UK GDPR does not prevent you sharing personal data with such bodies such as the police (known under data protection law as “competent authorities”) who are discharging their statutory law enforcement functions. The UK GDPR and the DPA 2018 allow for this type of data sharing where it is necessary and proportionate.

The police should however be asked to provide “212” form apart from emergency situations. (DPO for Education can provide a sample document on request). This is good practise, not only as it gives to accountability for your actions but it also proves that they have collected data in a way that could make it admissible in court.
When might you need to share?
  • Where you want to proactively share personal data; for example, you want to report a crime to the police and provide relevant personal data you hold;
  • Where you receive a request from a law enforcement authority for personal data you hold for a valid law enforcement purpose; for example, the police may request personal data from you to help them investigate a crime; or
  • Where a court order or another legal obligation compels you to share personal data with a law enforcement authority.
If you want to share personal data with the police you need a lawful basis under Article 6.
If you want to share criminal offence data you need both a lawful basis, and either ‘official authority’ or a separate condition for processing under Article 10. The DPA 2018 sets out specific conditions for this.
Collecting Staff Vaccination Data

Collecting Staff Vaccination Data

Collecting Staff Vaccination Data There is no quick answer as to whether schools are legally permitted to collect vaccination data.   As well as considerations under data protection law, employers must also be mindful of obligations arising under areas such as...

Core Principles of Data Protection

Core Principles of Data Protection

And the rights of individuals  Core Principles of Data Protection  Data must be processed lawfully, fairly and in a transparent manner Data must be collected for specified, explicit and legitimate purposesThe data collected must be adequate, relevant and limited to...

New Data Retention Guidance

New Data Retention Guidance

This is a subtitle for your new post The UK government recently issued updated guidance on record keeping for academies and trusts to assist them with their record keeping obligations.  Click here to be taken to the Government site....