Education Scotland and GDPR – Our Commitment to Data Privacy
Education Scotland is committed to compliance with the EU General Data Protection Regulation (GDPR), which came into effect on May 25th 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
What Are the Key GDPR Requirements
Education Scotland is committed to helping individuals fulfill their requirements under the GDPR.
The following are a few examples of the key GDPR requirements that apply to both individuals and ourselves:
- Committing to security and privacy measures required under the GDPR.
- Assisting our customers with satisfying their GDPR data security and privacy requirements as described in our full Glow Privacy Notice notifying regulators of personal data breaches on our systems and promptly communicating any such breaches to our stakeholders and end-users.
- Ensuring when our staff that access and process our users’ personal data they are bound to maintain the confidentiality and security of that data.
- Ensuring that all personal data is held to the applicable data management, security and privacy standards required under the GDPR.
- Committing to carrying out data impact assessments and consulting with the Information Commissioner’s Office where appropriate.
We will apply appropriate protection and management of any personally identifiable information you share with Education Scotland. Any personal information you do provide will be held and processed by Education Scotland in accordance with the Data Protection Act 1998 (DPA) and the GDPR. We will not pass on your details to any third party unless you give Education Scotland permission to do so.
Privacy Notice – How We Process Your Personal Information
Any personal information provided to Education Scotland will only be used to discharge our statutory functions and other relevant legislation, maintain our accounts and records and to support and manage our staff. We will only use information for those purposes, but we will share it with others for other purposes where it is legal and justifiable.
At Education Scotland, we manage, maintain and protect all information according to the requirements of the DPA and other legislation. We also adhere to our own information policies and government best practice.
In certain circumstances, we may process your personal information without your consent, and/or we may restrict your access to the information we hold about you. Such circumstances would only arise in relation to our statutory obligations. In these circumstances, there are exemptions from the DPA.
Education Scotland takes your privacy seriously and is committed to responsible handling of personal information in accordance with our Information Charter, which is as follows.
• make sure you know why we need it.
• ask only for what we need and not to collect too much or irrelevant information.
• protect it and make sure nobody has access to it who should not.
• let you know if we share it with other organisations to give you better public services – and if you can say no.
• make sure we do not keep it longer than necessary.
• not make your personal information available for commercial use without your permission.
How to Contact Us