Information assurance and data protection: appropriate policy document

How we meet legal obligations and requirements under data protection law, and how we protect special category and criminal convictions personal data and processing for the purposes of law enforcement.


Introduction

The UK General Data Protection Regulation (UKGDPR) and the Data Protection Act (DPA) 2018 impose obligations on the use of all personal data held by the Scottish Government, whether it relates to people and their families, employees, complainants, contractors or any other individual who comes into contact with the organisation, defined as data subjects.

This policy sets out how we meet our legal obligations and requirements under data protection law, and how we will protect special category and criminal convictions personal data, and processing for the purposes of law enforcement.

This policy will be reviewed annually, or as appropriate to take into account changes to legislation that may occur. Any breach of this policy may result in the Scottish Government being liable for the consequences of the breach.

Contact

Information Assurance and Data Protection Branch: dpa@gov.scot

Back to top