Under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 individuals have a statutory right to have access to personal data which is held on computer or in a structured manual file, i.e. on paper. It is also expected that the Data Controller will ensure that the data is:
- Processed fairly and lawfully
- Obtained for specific and lawful purposes
- Adequate, relevant and not excessive
- Accurate and where necessary kept up to date
- Not kept for longer than is necessary
- Processed in accordance with the rights of the data subject
- Kept secure
- Not transferred abroad unless to countries with adequate data protection laws
For the purposes of the 2018 Act, “personal data” is information that relates to a living identifiable person. The person or organisation who controls the purpose and manner in which data is processed is the “Data Controller”.
More information on the GDPR and Data Protection Act can be found on the website of the Information Commissioner or from the address given below.
The right to access
The Information Commissioner's website provides more information on how to request personal information.
Information where North Wales OPCC is the Data Controller
Accessing personal data in this way is known as making a "subject access request". The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of and can verify the lawfulness of the processing.
Requests to access information should be made to the Data Protection Officer, please see contact details below:
Office of the Police and Crime Commissioner
Glan y Don
We will respond to these requests within one calendar month.
If you consider that a request by you for access to your personal data has not been dealt with properly, you may:
Write to the Data Controller / Chief Executive at the above address seeking resolution of your complaint, or
Write to the Information Commissioner, who is appointed to consider such complaints at the:
The Information Commissioner is empowered to assess whether there has been a failure to comply with GDPR and the 2018 Act. The Commissioner can issue enforcement proceedings if satisfied that there has been a contravention of the data protection principles. The Commissioner can also recommend that you apply to court alleging a failure to comply with the subject access provisions of GDPR and 2018 Act. The court may make an order requiring compliance with those provisions and may also award compensation for any damages you have suffered as well as any associated distress.
Information where North Wales OPCC is not the “Data Controller”
In many cases, it is the Police Force and not the OPCC who hold personal information. The Police National Computer includes information on prosecutions, convictions and cautions. Chief Officers of the Police Forces are the “data controllers” for this information and not North Wales OPCC.
You have the right to be told by a Chief Officer whether any information is held about you on the Police National Computer (PNC) and a right to a copy of that information. The Chief Officer may deny access to this information where the information is held for the prevention or detection of crime or for the apprehension or prosecution of offenders and where release of the information would be likely to be prejudicial to any of these purposes.
Police Forces provide a form to simplify the exercise of your subject access rights to PNC information. In the case of North Wales Police you should contact the:
Telephone: 01492 805125
Or alternatively you could visit the website of the North Wales Police Force.