Report a crime online or call us on 101 or 999 in an emergency

Data protection

Information regarding how we handle data.

Please find below all the information you need to know about how we handle your personal information and how you can contact us to obtain information from us.

Personal information is managed in accordance with the following legislation and policy:

  • The Data Protection Act 1998
  • The Human Rights Act 1998
  • Freedom of Information Act
  • Computer Misuse Act 1990 Association of Chief Police Officers Code of Practice for Data Protection
  • Her Majesty’s Government Manual for Protective Security
  • Statutory Code of Practice for the Management of Police Information.


Reference will also be made to relevant case law and to legal guidance and codes of practice issued by the Office of the Information Commissioner.

The Data Controller of Surrey Police is the Chief Constable and all employees of Surrey Police act as the representatives and agents of the Chief Constable.

Surrey Police has notified the Office of the Information Commissioner that personal information is held and used for the following purposes:

Policing: the prevention and detection of crime; apprehension and prosecution of offenders; protection of life and property; maintenance of law and order; also rendering assistance to the public in accordance with force policies and procedures.

Provision of necessary services to support the Policing Purpose including:

Staff administration; occupational health & welfare; management of public relations, journalism & media; management of finance; internal review, accounting and auditing; training; property management; insurance management; vehicle & transport management; payroll & benefits management; management of complaints; vetting; management of IT; legal services; information provision; licensing and registration; pension administration; research, including surveys, performance management; sports & recreation; procurement; planning; system testing; security; health & safety management.

Full details of the Force’s notification can be obtained from the Information Commissioners website.

Disclosure or passing of personal information to other organisations or individuals is strictly controlled. There are some occasions when we will pass personal information to other official agencies because we are required to do so by law or because that agency has a legitimate reason supported by legislation to be given the information. For example: the Health and Safety Executive when investigating accidents, the Inland Revenue when investigating tax fraud and social services when considering child protection and welfare.

The Police work in partnership with other agencies to reduce crime and disorder, reduce the fear of crime and protect the vulnerable. In order to work together it is necessary to share information. Often this information is about crime figures or areas where crime or disorder is a particular problem. However, sometimes it is necessary to share personal information to tackle a particular problem involving an identified offender or victim. Sometimes information is shared to assist the partner agency in carrying out their lawful functions, but only when it is necessary and proportionate to do so.

View a full list of partner agencies we work with.

The sharing of personal information is covered by documents, known as Information Sharing protocols. These say who the sharing agencies are; when, why and what personal information might be shared and set out procedures for making and responding to requests for information and keeping the information secure.

The Data Protection Act provides the right for the individual to request a copy of personal information held about them by a data controller. This is known as 'subject access (see Section 7 of the Data Protection Act 1998 for full details).

If you would like to find out whether Surrey Police has any personal information about you and would like a copy of that information you can complete a Subject Access Request form.

Please note - if you also want to request access to criminal conviction records held on the Police National Computer you will need to contact ACRO.

The Data Protection Act contains a number of exemptions that may be applied to refuse disclosure of information. More information about these exemptions can be found on the Information Commissioner’s website. Please note – the legislation does not require that the applicant is informed when an exemption has been applied. In brief, those most likely to be relevant to information held by the police are:

Information held for the purpose of safeguarding national security.

Information held for the purpose of preventing and detecting crime, apprehending and prosecuting offenders BUT only when disclosure to the applicant might prejudice those purposes.

The Police service will also consider whether to disclose information to an application might prejudice the wider public interest or might be relevant to current or future criminal proceedings in the courts.

The Legal Aid, Sentencing, Punishment of Offenders Act 2012 contained a new framework for the legal aid scheme, which came into force on the 1st of April 2013.  The key focus in the new scheme is on providing legal aid for the most vulnerable, however, the Legal Aid Agency will require evidence of domestic violence and abuse and for protection for abused children and those at risk of abuse in order to fund legal aid.

Visit for more information on legal aid.

Visit for further guidance on applying for legal aid.

Many people need this information as part of their application for visas, residency or work permits for countries abroad. You will be asked to complete a Subject Access Request form or Police Certificate in order to provide the information necessary to search against police records. You will also be required to provide two documents that prove your identity and a fee of £10 is charged. More information is given on the relevant form.

The National Police Chief Council – ACRO Criminal Records Office carries out these checks on our behalf. When you complete these forms you will send it directly to ACRO and all queries about the progress of and response to your application must be made with ACRO. ACRO will reply directly to you at the postal address you give on the form. For further inforamtion visit the ACRO Crimial Records Office website.

You cannot be forced by an employer to make a subject access application in order to provide to them proof of your criminal record. In fact it is an offence under Section 56 of the Data Protection Act 1998 for an employer to require an employee or candidate for employment to make a subject access request for this purpose. Most types of employment are subject to the Rehabilitation of Offenders Act 1974, meaning that a person does not need to declare a conviction if a certain amount of time has passed and no further offences have been committed. Further details about Section 56 are obtainable from the Information Commissioner's Office.

If you chose to make a subject access request for this purpose you should be aware that the response will include all conviction records, including any that you are not required to declare to an employer under the Rehabilitation of Offenders Act

The government agency Disclosure Scotland provides a Basic Check which includes only those convictions that a person would have to declare. Apply for a Disclosure Scotland Basic Check.

However if your work will involve access to children, vulnerable adults or the elderly please read the information on the Disclosure and Barring Service.

You should not use the subject access procedures if your work will involve these categories of people. Disclosure and Barring Service has been established by the Home Office to provide employers with a means of checking the criminal background of potential employees.

If you will be working or volunteering with children, vulnerable adults or the elderly you should ask your employer to contact the Disclosure Barring Service.

If you are self-employed and will have access to children or vulnerable adults you should seek advice from Disclosure and Barring Service. A number of employment/recruitment agencies have become registered bodies and can facilitate a CRB check for you – they may charge an administration fee.


The Data Protection Act 1998 gives you the right to request that inaccurate information is corrected or deleted. You can also request that your information is no longer used or held if you can show that you are being caused significant and unwarranted damage or distress.

You can apply for the deletion of records from the Police National Computer (PNC), National Fingerprint Database (IDENT1) and the National DNA Database (NDNAD) under the Record Deletion Process as defined in guidance issued by the National Police Chiefs’ Council (NPCC) entitled Deletion of Records from National Police Systems.

The Record Deletion Process combines aspects of the Exceptional Case Procedure, previously defined in the ACPO Retention Guidelines for Nominal Records Held on the Police National Computer, with provisions contained in statutory guidance issued by the National DNA Database (NDNAD) Strategy Board relating to the early deletion of DNA profiles and fingerprints in certain circumstances. Both antecedent documents have now been withdrawn.

The Record Deletion Process only extends to records held on the PNC, NDNAD and IDENT1. Locally held records, including custody photographs, are not covered by this process and instead, are managed by chief officers in accordance with the Authorised Professional Practice (APP. Visit the college of policing website for further information Authorised Professional Practice.

Visit the NPCC ACRO Criminal Records Office website for further information.

Under certain circumstances, you have the right to apply to have your custody image deleted. Within Surrey Police the individual nominated to be the decision maker is Superintendent Edwards.

You can apply for a deletion when:

  • You were not charged for the offence for which the image was taken
  • You were not convicted of the offence for which the image was taken
  • If a specified time frame has passed since the conviction of the offence

Please note - Only images that relate to the offence that removal has been requested for will be taken into account and any previous or subsequent images are not considered in the review.

In order for your request to be considered, proof of photographic evidence and proof of address must be provided. In the forms of either a passport or photographic driving license, and council tax or a bank statement where following the review this information will be deleted.

If your request was unsuccessful, you can reapply within scheduled time frames, you will be advised of this with your removal decision.

Please send your requests to:

Information Management, Custody Image Removal, PO Box 101, Guildford, Surrey, GU1 9PE

Alternatively, please email your request to

Exit this website