Tied Pubs (Scotland) Act 2021 implementation: data protection impact assessment

Activities

• Arbitrate (or appoint an arbitrator) on disputes between tied pub tenants and pub-owning businesses in relation to code compliance.
• Advise on the Scottish Pubs Code.
• Power to investigate non-compliance with the code.
• Provide guidance on the adjudicators practice and procedures in carrying out its functions, application and governance of the code, and the steps for pub-owning businesses to comply with the code.
• Prepare a statement on its investigation policy.
• Collect a levy from pub-owning businesses.

Is the organisation a public authority or body as set out in Part 2, Chapter 2, Section 7 of the Data Protection Act 2018?

Yes

Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 6 for the collection and sharing of personal data – general processing

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 9 – special category data or Article 10 – criminal convictions data

Include condition from Schedule 1 or 2 of the Data Protection Act 2018

Substantial public interest condition: 6. Statutory and government purposes

Conditions for processing data

(a) Explicit consent (if the Adjudicator ran a survey of tenants)

(f) Legal claims or judicial acts (if the information is shared during arbitration for example with the Adjudicator)

Law Enforcement – if any law enforcement processing will take place – lawful basis for processing under Part 3 of the Data Protection Act 2018

Legal gateway for any sharing of personal data between organisations

Not relevant