GDPR and LED: Managing requests in a changed legal landscape

28th March 2018
Request presentations from this session

About the workshop

With under 60 days until the GDPR becomes law, this workshop provided more information about what it will mean for police forces in the day-to-day business of managing requests, using a mixture of presentations and practical workshop examples.

The session was hosted by eCase and chaired by Colin Ley-Smith, National Police Freedom of Information and Data Protection Unit Manager, National Police Chief’s Council. It discussed the upcoming changes and gave the chance to work through the issues: examined the changes to request management for simple and complex requests, and looked at the legal basis for processing and how to apply GDPR and LED correctly.

Please use the form below to request presentations.

Request presentations


10:00 Welcome, introductions and objectives for the session
Colin Ley-Smith
10:25 The Changing Legal Landscape

Simon McKay

This presentation will consider the domestic and EU legal framework for data protection, including key provisions in the Data Protection Bill and examine practical challenges for law enforcement. The presentation will in particular highlight the difficulties arising where data protection law conflicts with the Investigatory Powers Act 2016. It will also identify any post-Brexit issues.


Which law am I using? Starting with the right legal basis and implementing the GDPR in practice
Toby Backhouse, NPCC Data Protection Advisor

Why is it important to understand ensure you have a note of the laws/legal basis under which processing is taking place? Do you have the record of processing activity? Starting with Subject Access and the legal basis for processing, what are the new things that you need to consider for GDPR and Law Enforcement processing?

Application of subject information rights and part 3 processing: are you working with both parts of the Bill at the same time? What are the new things that you need to take into account?

Overview of the latest developments in the working parties and what are the resources that you can use for guidance? More on the NPCC's involvement, the guidance so far and where to find it.

11:55 Real Life Workshops – Managing sensitive and complex cases and defining the right legal basis
12:40 Panel Q&A

Request presentations

The workshop gave police colleagues the chance to:

  • understand the changes to request management that GDPR will bring
  • get a Police-specific view, with insights from senior colleagues on implementation and what needs to be considered
  • put managing requests into practice and identify the issues with applying GDPR and LED
  • collaborate and share learnings with colleagues across the South East and get your questions answered by experts.

Request presentations

About the panel


Simon McKay

Simon McKay is a barrister and nationally and internationally recognised as an expert on UK national security and intelligence law. He previously advised the government on covert surveillance and counter-terrorism operations and was one of the Attorney General’s special advocates in terrorism cases. His practice includes advising on data protection and information law. He acted for the Sunday Telegraph in the House of Commons’ appeal against the disclosure of MPs’ expenses and has defended in data protection prosecutions. He is author of Covert Policing Law & Practice and Blackstone’s Guide to the Investigatory Powers Act 2016.

For more information about Simon McKay, visit


Colin Ley-Smith - Chair

Colin Ley-Smith was appointed the Manager of the National Police Freedom of Information and Data Protection Unit (NPFDU) in May 2016. The NPFDU acts as a national co-ordination body in providing professional advice and support for forces and stakeholders in all matters relating to both Freedom of Information and Data Protection within the UK police service.

Prior to joining the NPFDU, Colin was a police officer in Essex Police and then Hampshire Constabulary working in both uniform and CID roles. His last role was Head of Professional Standards, but as well as experience in territorial policing command, he has a background in Intelligence, Serious and Organised Crime, Critical Incident Management and Hostage Negotiation.

Before retiring as a police officer, Colin was seconded to the Foreign and Commonwealth Office for 12 months as a Senior Police Advisor in Afghanistan, embedded with the military and based in Kabul. His interests include DIY, travelling and keeping fit.


Toby Backhouse - Speaker

Toby Backhouse became the NPCC Data Protection Advisor in September 2017, at the busiest time for DP legislation in the last 20 years. Alongside his work for the NPCC DP Reform Group, helping prepare the police service for the new DP regime, he still has a day job providing advice, support and training to forces, and supporting (most of) the National Units, including ACRO where he is based.

He joined the Data Protection Team of Hampshire Constabulary 2004 and most recently spent 5 years as Information Governance Manager for the Hampshire side of the collaborated Hampshire/Thames Valley Police Joint Information Management Unit, working on risk discovery and management, privacy impact assessments, information sharing, data processing contracts, data quality and MoPI RRD, and other practical applications of the Data Protection Act and associated legislation.


Discover eCase

Find out how a number of police forces are successfully using eCase to manage their cases and correspondence How Police forces use eCase

Request presentations

If you weren't able to attend the event and would like copies of the presentations, please complete the form below and we'll send them to you.

We won’t share your information with any 3rd parties. We’ll only use your data to fulfill your information request above. Any data provided will be held safely in compliance with data protection legislation.