202300362265 · FOI · released
Data protection in the Scottish Government: FOI release
Information requested
A copy of the Scottish Government's Records of Processing Activity (ROPA) as defined in Article 30 of the UK General Data Protection Regulation (UK GDPR).
A copy of all legitimate interest assessments conducted by the Scottish Government where you rely on Article 6(1)(f) legitimate interests as your lawful basis for processing.
A copy of all privacy impact assessments conducted by the Scottish Government.
A copy of all data protection impact assessments conducted by the Scottish Government.
A copy of all international transfer risk assessments conducted by the Scottish Government.
A recent copy of the Scottish Government's data protection compliance assessment using the Information Commissioner's Office (ICO)'s accountability framework template. If you are using your own standards to monitor compliance with the Data Protection 2018, please provide me with a copy of those.
A copy of the Scottish Government's data protection policy.
A copy of the Scottish Government's subject access request policy, procedures, and processes, including any guidance material such as folder structure, naming conventions, and redaction guides.
A copy of the Scottish Government's privacy notices, including but not limited to employees, customers, ministers, special advisors (SPADs), complaints, NEDS, visitors, and CCTV.
A copy of the Scottish Government's due diligence questions for vendor management such as independent data controllers or processors.
Response
I enclose a copy of some of the information you requested as an attachment to an email which you will receive separately. Please refer to the document in Annex A, as this acts as a summary of our response to each of your requests.
About FOI
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.