Education (Scotland) Bill: data protection impact assessment
Data protection impact assessment (DPIA) for the Education (Reform) Bill.
3. Data Controllers
Organisation |
The new qualifications body |
||
|---|---|---|---|
Activities |
The new qualifications body is expected to process data in relation to its statutory functions as set out in the Bill, including its awarding function for qualifications and the accreditation function. |
||
Is the organisation a public authority or body as set out in Part 2, Chapter 2, Section 7 of the Data Protection Act 2018? |
Yes |
||
Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 6 for the collection and sharing of personal data – general processing. |
Article 6. 1(c) processing is necessary for compliance with a legal obligation to which the controller is subject; 1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. |
Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 9 – special category data or Article 10 – criminal convictions data Include condition from Schedule 1 or 2 of the Data Protection Act 2018 |
Article 9 2(g) processing is necessary for reasons of substantial public interest, on the basis of [domestic law] which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject. Schedule 1, Part 2 Statutory etc and government purposes. |
Law Enforcement – if any law enforcement processing will take place – lawful basis for processing under Part 3 of the Data Protection Act 2018 |
N/A |
N/A |
N/A |
Organisation |
HM Chief Inspector of Education in Scotland |
||
|---|---|---|---|
Activities |
The data controller will be required to process a variety of personal data in relation to inspection functions imposed on them through the Bill. It is not the intention to impose any additional requirements on the officeholder beyond such data currently handled by Education Scotland in undertaking inspection functions. |
||
Is the organisation a public authority or body as set out in Part 2, Chapter 2, Section 7 of the Data Protection Act 2018? |
Yes |
||
Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 6 for the collection and sharing of personal data – general processing. |
Article 6. 1(c) processing is necessary for compliance with a legal obligation to which the controller is subject; 1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. |
Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 9 – special category data or Article 10 – criminal convictions data Include condition from Schedule 1 or 2 of the Data Protection Act 2018 |
Article 9 2(g) processing is necessary for reasons of substantial public interest, on the basis of [domestic law] which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject. |
Law Enforcement – if any law enforcement processing will take place – lawful basis for processing under Part 3 of the Data Protection Act 2018 |
N/A |
N/A |
N/A |
Contact
Email: EducationReform@gov.scot
There is a problem
Thanks for your feedback