NCA Privacy Notice

NCA Privacy Notice – GDPR Processing

We sometimes need to process personal information about you so that we are able to perform our functions, including the accreditation of financial investigators and providing access to the Financial Intelligence Gateway (FIG) search. This Privacy Notice applies in relation to personal data processed by the NCA in these circumstances.

Personal data is any data that can be used to identify a living individual, on its own or in combination with other available information. References to names, identification numbers and location data are all personal data.

Processing means anything we do with the data and includes collecting, storing, and sharing.

This Privacy Notice explains how we look after personal information and relates only to processing of personal data for our financial investigation support activities. You can also read the NCA’s main privacy notice on our website here.

Key Contacts

Data Controller

The Director General is the controller for any personal data processed by the NCA. 

Data protection Officer

The Data Protection Officer is Richard Riley, he can be contacted at Units 1-6, Citadel Place, Tinworth Street, London, SE11 5EF or

How to get in touch

The NCA’s Public Information Compliance Unit manages the NCA’s data protection compliance and can be contacted at .


What information do we collect about you?

We collect information about you, when you request access to the FISS (Financial Investiation Support System) website for purposes of either:

  • POCA training/accreditation/monitoring
  • Access to the Financial Intelligence Gateway (FIG) search

    We do not collect more information than we need to fulfil these requirements. We process the following types of personal data:


  • Name
  • Email address
  • Telephone/mobile number
  • Organisation
  • Supervisor email (only for PoCA accredited/registered users)
  • PoCA Accreditation (where applicable)
  • PoCA related training course record (where applicable

Information about you is likely to be held in various forms, including emails in the NCA’s electronic filing system, as well as in paper-based records.

It is important that the personal information we hold about individuals is accurate and up to date. Please keep us informed of any changes.

Why do we use your information?

If you are a financial investigator, your FISS record will be used by the NCA Proceeds of Crime Centre to enable us to carry out our legislative responsibilities to train and accredit you, and to monitor your performance, as a financial investigator as required under the Proceeds of Crime Act 2002 (as amended).

When you obtain accreditation/registration (FIA/FIO/FI/AFI/Confiscator/SAO) your details will appear on the Financial Intelligence Gateway (FIG) list; this information (Name, email, telephone, Organisation) will be available to search by registered members of the Regulated Sector so that they can confirm that you are an accredited financial investigator.

If you work within the Regulated Sector and request access to FIG we will ask you to complete an application form with your personal details including your date of birth. This information will only be shared with the Financial Conduct Authority (FCA) for security purposes, to enable your authorisation to access FISS. Your date of birth will not be registered on your FISS record and will not be available outside of the account application process.

If you are a registered user with a Regulated Sector account, your personal account details will not be accessible by other users, apart from NCA Proceeds of Crime officers (for website account administration purposes).

Separate contact details for Regulated Sector organisations are held on the FISS system, which are available to all registered users. If you are a regulated sector account holder, your details may or may not appear on the appropriate contact details page for your organisation, dependant on the information we have been asked to publish.

When you no longer require your FISS account, your record will be archived and details will only be available to NCA Proceeds of Crime Centre officers, or your registered organisation’s SPOC.

How do we process your data lawfully?

We will only use personal information when the law permits and where it is necessary and proportionate. The NCA processes the personal data provided by financial investigators because the processing is necessary for compliance with a legal obligation to which the NCA is subject under the Proceeds of Crime Act 2002 (as amended).

Where we process personal data for access to FIG, this processing is necessary for the performance of a task carried out in the public interest. The recovery of criminal assets is in the public interest and providing access to FIG enables the cooperation of organisations with financial investigators to achieve this objective.

How do we share personal data?

Personal data will be shared with relevant NCA staff for the purposes listed above and we may share your data with SPOCs/Managers within your organisation.

If you work within the Regulated Sector and request access to FIG, the personal data you supplied as part of your application for access to the system will only be shared with the Financial Conduct Authority (FCA) for security purposes, to enable your authorisation to access FIG. We will only disclose information about individuals to other third parties if we are legally obliged to do so.

We will not:

  • Sell personal information to third parties
  • Share personal information with third parties for marketing purposes

    Your personal data will not be used for a purpose other than those outlined above. If we intend to use your personal data for a new purpose then we will notify you prior to the commencement of this processing.

    Law enforcement officers within the UK, Gibraltar and the Crown Dependencies (Jersey, Guernsey and the Isle of Man) may access the personal data of financial investigators held on FISS. Similarly, representatives of Regulated Sector organisations located in other jurisdictions may access this information when it is necessary and proportionate to do so.

How do we keep your data secure?

Your personal data will be processed securely. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In particular, to keep your data secure we have implemented restricted, permission based access for any users of the FISS system. The FISS data servers are located in a restricted access, physically secured, security approved data-center.

In addition, we limit access to your personal information to those NCA employees who have a business need to know. They will only process your personal information on our instructions. User accounts are archived when no longer needed, ensuring any FISS access is removed and removing any ability to search on FIG.

How long do we keep your data?

Your data will be retained whilst your FISS account remains active. If your FISS account is archived because you no longer require access to it, we will retain your account information in case you subsequently return to the role; we also need to retain the information in case of a criminal case review or a tribunal. We will review an archived record after six years and delete it where there is no requirement to retain it for longer..

Is my data subject to automated decision making or profiling?

Your data will not be subject to automated decision making or profiling.

Your rights as a data subject:

Under the GDPR you have a number of rights that you can exercise in relation to the data we process about you. You have a right of access; rectification; erasure; restriction; portability; and objection. Further information about these rights can be found within the GDPR and on the Information Commissioner’s Office website:

To exercise any of these rights please contact the Statutory Disclosure Team at:


Statutory Disclosure Team

PO Box 58345,



The NCA’s main Privacy Notice can be found at:

Complaints and further queries:

The NCA tries to meet the highest standards when processing personal data. We take complaints very seriously. If you have any concern about the way that we have handled your personal data please bring it to our attention via the following means:

  • NCA’s Data Protection Officer at .
  • Data Protection and Privacy Team at

    You are also able to submit complaints to the Information Commissioner’s Office, advice on how to contact them based on the nature of your concern is available at

    The ICO can be contacted at:

    The Information Commissioners Office,

    Wycliffe House,



    SK9 5AF

    Telephone: 03031231113


    Further information about this Privacy Notice

    This privacy notice has been created to be easily understood and concise. As a result, it does not include exhaustive detail about what information we hold, every organisation we share data with, how the data is collected or how long the data is kept. For further information please contact the NCA’s Data Protection Officer via

    We keep our privacy notice under regular review. If we plan to use personal data in a different way than we have outlined then we will update our privacy notice before we start any new processing.