9 September 2018
Category Blog
9 September 2018,

GDPR and Private Investigation – Made Easy

Ever since the European Union (EU) passed the motion for “General Data Protection Regulation (GDPR)” in April 2016, many firms have been adjusting the way they need to operate. We as a firm have been doing this diligently over the past two years; we have gone above and beyond to abide by the new regulations set in place on 25th May 2018.

GDPR – Why?

In 2016, the EU identified that personal data had become a valuable commodity in the modern age. This lead to the Information Commissions Office (ICO) becoming responsible for the implementation of GDPR. As the quantity and type of data that is being shared increases, the risk of a serious data breaches becomes more probable. The primary objective of GDPR is to enforce new rules on business in an attempt to reduce the risk of data breaches therefore protecting EU consumer’s information. If the new regulations are breached the ICO can impose heavy fines such as charging a company € 20 million or 4 % of annual global turnover, whichever is more. In conjunction with this the ICO also has a range of corrective powers and sanctions to impose the GDPR. As a company, it is very important to us to understand the difference between the types of data that we process and how to determine the difference in the level of risk and measures required to protect it.

GDPR – Are we Compliant?

YES! By the nature of our work we have to process large amounts of data, thus if we gather personal data from someone such as a business owner and we are not GDPR compliant we are breaking the law. This can lead to substantial fines and reputational risk to our business.

GDPR – The Terminology

Many of our clients who instruct us to carry out investigations are according to the law are known as “data controllers”. We are sometimes known as “data processors” however we can also be “data controllers”. There is much confusion around these terms and their responsibilities and roles, we clear this up below.

The GDPR states the following:

Data Controller: A data controller determines the purposes and means of processing personal data. If you are a controller, you are relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with GDPR.

The meaning of this is that the investigator you hire is competent and compliant in GDPR and furthermore a contract needs to be in place detailing those roles and responsibilities.

Data Processor: a data processor is responsible for processing personal data on behalf of a controller. If you are a processor, the GDPR places specific legal obligations on you.

This specifies how a data processor is responsible for any breach and how they have to document all the actions they do with it.

GDPR – PI Roles and Responsibilities

The ICO says due to the nature of their work PI’s would be data controllers in some cases due to the high degree of independence they operate under and the fact they keep reports containing sensitive information for several months after the case is closed.

An example of this is if a business asks a PI to carry out a surveillance investigation. The PI and the business take on the position of data controllers. This is due to the type of investigation it is, here PI’s assume a large amount of independence and control over the data they will be processing. To avoid confusion about responsibilities a contract must be signed to clearly state the responsibilities for each party.


GDPR – What we can do

Regardless of the situation we will always assume the shared responsibilities of being a data processor always through written contract. This gives you the confidence that we will remain GDPR compliant throughout all our investigations.


GDPR – Our System

Our system has been designed for you: safe, reliable and constantly updated. We strive to evolve and better our system as GDPR develops. This allows us to embrace new challenges and allows us the opportunity to strive for a better future. We believe this ability to adapt not only gives us a competitive edge in our field but is also an imperative in our rapidly changing technological age.


We a bespoke Client Portal that has the following built in facilities to allow us and our clients to meet the requirements of the GDPR:

  • Secure internal emailing
  • Quotes and invoicing
  • Reports
  • Storage of evidence
  • Destruction certificates


If you require a Private Investigator in Glasgow or anywhere in the Central Scotland area then our Private Detectives are on call 24/7.

Sika SIA initial consultation is free and our team of Private Detectives will give you a peace of mind. Contact us by phone or by email and we will ensure that strict confidentiality is maintained throughout.

Contact: 01414338875 – 01313444077 – 07825374147 – [email protected]