The Information Commissioner’s Office (ICO) has confirmed it will be conducting audits of UK police forces on their use of facial recognition technology (FRT). These audits will assess whether forces are handling personal information lawfully, fairly and proportionately, with a strong focus on governance, safeguards, and public confidence.

Our FRT Pre-Audit Service is designed to prepare forces for the ICO’s scrutiny. Acting as an independent governance, risk and compliance partner, we provide a structured review of your current practices and identify gaps before the regulator does.

What We Do

Our pre-audit examines the same key areas the ICO will assess, including:

• Governance of FRT use – oversight, accountability, and decision-making processes.
• Data Protection Impact Assessments (DPIAs) – full review of your DPIAs to ensure completeness, effectiveness, and compliance; a robust DPIA is mandatory and essential for lawful FRT deployment.
• Retention and use of personal data – ensuring policies meet legal requirements and proportionality tests.
• Staff training and awareness – assessing whether teams are equipped to handle sensitive biometric information.
• Safeguards and controls – protections in place to build and maintain public trust.
• Necessity & Proportionality Challenge – assessing whether FRT is essential, exploring less intrusive alternatives, and documenting decisions to ICO-defensible standards.
• Data Minimisation & Format Review –confirming irreversible biometric templates are used where possible and that the retention of any raw images adheres to strict, legally justified retention schedules.

Our audit provides a clear picture of your current compliance status – highlighting strengths, exposing risks, and delivering actionable recommendations. But compliance with data protection and human rights obligations is not a one-off exercise. In practice, most enforcement actions have failed on two fronts: proving necessity and proportionality, and demonstrating robust handling of biometric data formats. Our pre-audit directly addresses these high-risk areas, giving forces a defensible position if challenged by the ICO or in court.

The lawful, fair and proportionate use of FRT requires ongoing oversight, continuous improvement, and regular reviews to respond to evolving legal, ethical and public expectations.

The Benefits of a Pre-Audit

• Regulatory readiness – anticipate issues before the ICO identifies them.
• Public confidence – demonstrate proactive commitment to safeguards and transparency.
• Operational assurance – give leadership confidence that FRT is being used responsibly and defensibly.
• ICO-defensible assurance – tackle the areas most often challenged by regulators, with evidence-based documentation of necessity, proportionality, and data minimisation.