Request for Information on data protection compliance

Reference: 23013

Date Added: Thursday, July 13, 2023

Category: Miscellaneous

Disclosure Details

Two duties are placed on public authorities under Section 1 of the Freedom of Information Act 2000 (FOIA). Notwithstanding applicable exemptions, the first duty at, Section 1(1) (a), is to confirm or deny whether the information specified in a request is held. The second duty at, Section1 (1) (b), is to disclose information that has been confirmed as being held. Under the provisions of those sections of the FOIA, we can confirm that the information you seek is partly held by the Office of the Police and Crime Commissioner for Gwent.

 

You have requested the following information:

 

1. A copy of your organisation's Records of Processing Activity (ROPA) as defined in Article 30 of the UK General Data Protection Regulation (UK GDPR).

No information held.

 

2. A copy of all legitimate interest assessments conducted by your organisation where you rely on Article 6(1)(f) legitimate interests as your lawful basis for processing.

No Information Held.

 

3. A copy of all privacy impact assessments conducted by your organisation.
4. A copy of all data protection impact assessments conducted by your organisation.

 

Please see attached documentation in response to questions 3&4.  You will see that some information has been redacted.  The relevant sections of the Freedom of Information Act are marked underneath each redaction.  These are:

Section 40(2) – This information contains elements of personal data, the disclosure of which would be unfair in that it would breach the first principle of the Data Protection Act which says that information must be processed fairly and lawfully.

Section 31 – Law enforcement: the information you have requested is being withheld under section 31 of the FOI Act, which applies to the release of information that may prejudice the prevention or detection of crime. Section 31 is a qualified exemption, which means that we have considered whether the public interest in releasing the information is outweighed by the public interest in not giving the information. 

 

Public Interest Test:

Factors favouring disclosure - Disclosure of the information would provide awareness to the public of how information is protected whilst being processed.

Factors favouring non-disclosure - To release all the requested information would compromise the security of the organisation by providing technical details of how data is processed.

 

Balancing Test

After considering the above factors for and against disclosure it has been decided that there would be no benefit to the public for the release of the information compared to the potential security breach our systems and process may be exposed to.  Therefore the public interest in maintaining the exemption outweighs the public interest in disclosing the information.

 

5. A copy of all international transfer risk assessments conducted by your organisation. 

No information held

 

6. A recent copy of your organisation's data protection compliance assessment using the Information Commissioner's Office (ICO)'s accountability framework template. If you are using your own standards to monitor compliance with the Data Protection 2018, please provide me with copy  of it.

No information held

 

7. A copy of your organization's data protection policy.

No information held

 

8. A copy of your organization's subject access request policy, procedures, and processes, including any guidance material such as folder structure, naming conventions, and redaction guides. 

Please see attached Subject Access Request policy.  Please use the following link to view subject access request process on the Commissioner’s website: Making a Subject Access Request | Gwent Police and Crime Commissioner (pcc.police.uk)

 

 

9. A copy of your organisation's privacy notices, including but not limited to employees, customers, ministers, special advisors (SPADs), complaints, NEDS, visitors, and CCTV.

Please use the following link to view privacy notices on the Commissioner’s website: Privacy Notice | Gwent Police and Crime Commissioner (pcc.police.uk)

 

10. A copy of your organisation's due diligence questions for vendor management such as independent data controllers or processors.

No information held – all procurement is undertaken by Gwent Police.  You may wish to contact them directly for the requested information using the following link: Submit a request for information | Gwent Police

 

 

The Freedom of Information Act is a public disclosure regime, not a private regime. Any information disclosed under the Act is thereafter deemed to be in the public domain, and therefore freely available to the general public and will be published on the OPCC website.

 

You have the right to appeal our decision if you think it is incorrect. Should you feel dissatisfied with this response or the way in which your request was handled, information on the Office of the Police and Crime Commissioner for Gwent FOI Appeals Procedure can be found on our website:

https://www.gwent.pcc.police.uk/en/transparency/know-your-rights/your-information-rights/freedom-of-information/appeals-process/

 

If you remain dissatisfied after an internal review decision, you have the right to apply to the Information Commissioner’s Office. The Commissioner is an independent regulator whose details can be found using the following link https://ico.org.uk/

 

You can also write to the Information Commissioner’s Office at the following address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF