We have approved and published the first sector-owned code of conduct – The Association of British Investigators Limited (ABI) UK GDPR Code of Conduct for Investigative and Litigation Support Services.
Under Article 40 of UK GDPR, organisations may create codes of conduct that identify and address data protection issues that are important to their sector.
This code, which investigators in the private sector can sign up to, will provide certainty and reassurance to those using their services – ensuring investigators are compliant with the UK GDPR requirements. This will assist investigators to navigate the challenges between conducting investigations whilst respecting people’s privacy rights.
Key data protection issues facing the private investigations sector are addressed within the code. For example, the roles and responsibilities of code members when acting as data controllers, joint controllers or processors, and when and how to complete a Data Protection Impact Assessment. It also helps code members to identify and document the correct lawful basis for invisible processing – including covert surveillance, tracking devices, background checks and social media monitoring. Further guidance is also included, with examples, for lawfully tracing and locating people.
Emily Keaney, Deputy Commissioner for Regulatory Policy, said:
“Codes of Conduct are an excellent way of helping organisations demonstrate data protection compliance and protecting people’s data rights, and we are delighted to have approved the first Code of Conduct under UK GDPR. They enable organisations to address and resolve any data protection challenges, whilst also providing transparency and regulatory certainty.
“We hope that our approval of this code encourages other sectors to also recognise the benefits of developing their own codes of conduct, demonstrating best practice and accountability.”
Tony Imossi, the Secretariat of The ABI and author of the ABI Code of Conduct added:
“The code exemplifies the ABI’s commitment to professional investigations, upholding the highest standards of integrity and confidentiality. This is crucial for ensuring trust and compliance with the data protection law.”
For further information on codes of conduct, please visit our website or contact us on: [email protected].
Notes to editors
- SSAIB has been appointed as the Monitoring Body by ABI, pending ICO approval. SSAIB will be responsible for independently assessing and reporting on code member compliance.
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
- The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.