We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - FOI/EIR release

SPPA records of processing activity: FOI release

Published
8 September 2023
Topic
Public sector
FOI reference
202300362264
Date received
15 June 2023
Date responded
10 July 2023

Information request and response under the Freedom of Information (Scotland) Act 2002.

Information requested

  1. A copy of SPPA’s Records of Processing Activity (ROPA) as defined in Article 30 of the UK General Data Protection Regulation (UK GDPR). 

  1. A copy of all legitimate interest assessments conducted by SPPA where you rely on Article 6(1)(f) legitimate interests as your lawful basis for processing. 

  1. A copy of all privacy impact assessments conducted by SPPA. 

  1. A copy of all data protection impact assessments conducted by SPPA 

  1. A copy of all international transfer risk assessments conducted by SPPA 

  1. A recent copy of SPPA’s data protection compliance assessment using the Information Commissioner's Office (ICO)'s accountability framework template. If you are using your own standards to monitor compliance with the Data Protection 2018, please provide me with copy of it. 

  1. A copy of SPPA’s data protection policy. 

  1. A copy of SPPA’s subject access request policy, procedures, and processes, including any guidance material such as folder structure, naming conventions, and redaction guides. 

  1. A copy of SPPA’s privacy notices, including but not limited to employees, customers, ministers, special advisors (SPADs), complaints, NEDS, visitors, and CCTV. 

  1. A copy of SPPA’s due diligence questions for vendor management such as independent data controllers or processors. 

Response

I enclose a copy of some of the information you requested. Please refer to the document list attached which outlines which documents are relevant to each question. 

While our aim is to provide information whenever possible, in this instance we are unable to provide some of the information you have requested because the following exemptions under FOISA apply: 

  • 17 - Information not held
  • 25(1) - Otherwise accessible 
  • 30(c) - Substantial prejudice to effective conduct of public affairs
  • 38(1)(b) - Third party personal data 

SPPA do not hold some of the information requested as some assessments have not been required. Links have been provided in the document list to information that is otherwise accessible. Certain impact assessments have not been disclosed as doing so would compromise the security of the SPPA, substantially prejudicing the effective conduct of public affairs. Colleagues' names below executive team level have been redacted from documents to keep their data private. 

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

202300362264_1
File type
92 page PDF
File size
1.4 MB
202300362264_2
File type
51 page PDF
File size
962.7 kB
202300362264_3
File type
30 page PDF
File size
868.5 kB

Contact

Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG

Back to top