This Practice Note provides an introduction to how law enforcement and intelligence agencies may process personal data in accordance with data protection laws and specifically with the requirements of the police and criminal justice sector Directive 2016/680/EU, known as the Law Enforcement Directive, and its implementation into UK law in Part 3 of the Data Protection Act 2018 (DPA 2018). It explains what amounts to law enforcement processing of personal data (including processing for the prevention, investigation, detection or prosecution of criminal offences, or the execution of criminal penalties and the safeguarding against and the prevention of threats to public security), who are competent authorities for the purpose of the Law Enforcement Directive as well as highlighting the data processing principles for law enforcement. The rights of data subjects, such as the right to be informed, the right of access, the right to rectification, the right to erasure or restrict processing and the right not to be subject to automated decision-making within a law enforcement context are also explained.