Conservation of salmon consultation and consultation analysis: data protection impact assessment

A data protection impact assessment (DPIA) to consider and assess any potential privacy impacts that may be experienced during the consultation on Salmon fishing: proposed river gradings for the 2025 season, and consultation analysis of the responses.


7. UK General Data Protection Regulation (UK GDPR) principles

7.1 Principle 1 – fair and lawful (see 4.1), and transparent

Compliant – Yes

Description of how you have complied – The lawful basis for processing personal data will be public task.

7.2 Principle 2 – purpose limitation

Compliant – Yes

Description of how you have complied – The data will be collected for specific purposes and will not be processed in a manner incompatible with those proposes.

The purpose is clearly explained to respondents prior to responding.

7.3 Principle 3 – adequacy, relevance and data minimisation

Compliant – Yes

Description of how you have complied – The consultation will not gather information that is not necessary to achieve the project’s objectives. Participants are able to input as much information as they would like to open questions, and are able to skip open questions.

7.4 Principle 4 – accurate, kept up to date, deletion

Compliant – Yes

Description of how you have complied – The data from the consultation and analysis does not need to be kept up to date as it represents the participants’ views and circumstances at the point of collection. (See Principle 5 for deletion). The final outcome report will be quality assured by a policy officer from Marine Environment portfolio.

7.5 Principle 5 – kept for no longer than necessary, anonymization

Compliant – Yes

Description of how you have complied – The data processor [Scottish Government] will be processing data which is directly identifiable in the dataset. On anonymization measures, see section 5.2. Review measures will be in place to ensure that the data will be kept for no longer than is necessary by SG.

7.6 UK GDPR Articles 12-22 – data subject rights

Compliant – Yes

Description of how you have complied – Data subject rights are outlined in the privacy policy linked to from the consultation document.

7.7 Principle 6 – security

Compliant – Yes

Description of how you have complied – Data will be protected from loss or unlawful processing using appropriate methods, including storing electronic data on password protected secure severs. The Data processor [Scottish Government] is subject to SG Terms and Conditions which cover data security.

7.8 UK GDPR Article 44 - Personal data shall not be transferred to a country or territory outside the European Economic Area.

Compliant – Yes

Description of how you have complied – The project is not expected to involve the transfer of data outside the EEA.

Contact

Email: SalmonAndRecreationalFisheries@gov.scot

Back to top