As you’ll all no doubt be aware, the law around data retention changed on Friday, May 25, 2018.
The new GDPR rules are a huge change in the way organisations hold personal data and what they have to tell / ask for from those whose data is held.
In the words of the Information Commissioner (ICO), ‘Tell it all, Tell it Fast, Tell the Truth’.
All of your respective forces are likely to have interpreted the legislation in slightly different ways, so this guidance comes with the caveat of liaising with your own Information Assurance experts in house for local nuances and decision making.
Likewise, if you work for a force which has national oversight for a project or area of policing business, you will be governed by that force’s Information Assurance practices – generally the force that deals with Freedom of Information Act requests for that business.
As a general rule, if you have any customer / media / personal data in terms of names, addresses, emails, phone numbers, you need to seek specific permission from that person to hold any of their personal data.
Specifically in the police communications world, this will include media contact data and all public data collected on community messaging and alerting systems.
It also includes supplier lists you might have stored, for example merchandise suppliers and printers.
Many platform owners are issuing specific advice on measures they are taking to deal with the changes.
Many of you will use the Neighbourhood Alert platform provided by VISAV – they have issued some specific measures they will be taking this week to contact all of their subscribers nationwide.
And Vuelio announced yesterday, Wednesday, May 23, that a new weeding tool is being added to the database for those using it to edit media details.
It’s a massive learning curve for us all and there will no doubt be some pain and legal contest along the way.
While I’m not an expert in data protection and information assurance, there are some simple steps everyone can take to help deal with the new legislation.
All communication departments should have:
– A maintained and updated directory of personal data held by your department and the purpose for it.
For example, your media database. All those media on your content management systems / websites should be contacted to check they are happy for you to still hold their personal data.
– An outline of your safeguarding measures regarding how you handle personal data.
Where are you storing your data? Is it structured? Is it electronically stored in house / cloud based?
– What is your retention policy for holding data?
Have you got a weeding policy? What happens to the data you have? Do you need to change policy if you hand someone else’s data to others third hand?
– Does your department have an Information Asset Owner?
This is the person responsible for all data held within your department who is a point of contact for any data issues or breaches for your department to consider.
We have all been subject to many data security issues in the past, Management of Police Information (MOPI), to mention one.
I would urge you all to seek some specific, local guidance from your own Information Assurance experts.
External Communications Dorset Police /
Media Manager, Devon and Cornwall Police