We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Impact assessment

Sandeel fishing consultation: data protection impact assessment

Published
21 July 2023
Directorate
Marine Directorate
Part of
Marine and fisheries
ISBN
9781835211281

The data protection impact assessment for the consultation on proposals to close fishing for sandeel in all Scottish waters, laying out how respondents data will be handled.

View supporting documents Supporting documents

7. UK General Data Protection Regulation (UK GDPR) principles

7.1 Principle 1 – fair and lawful (see 4.1), and transparent

Compliant – Yes/No: Yes

Description of how you have complied: The lawful basis for processing personal data is public task.

7.2 Principle 2 – purpose limitation

Compliant – Yes/No: Yes

Description of how you have complied: The data will be collected for specific purposes and will not be processed in a manner incompatible with those purposes.

The purpose is clearly explained to respondents prior to responding.

7.3 Principle 3 – adequacy, relevance and data minimisation

Compliant – Yes/No: Yes

Description of how you have complied: The consultation will not gather information that is not necessary to achieve the project's objectives.

Participants are able to input as much information as they would like to open questions, and are able to skip open questions.

7.4 Principle 4 – accurate, kept up to date, deletion

Compliant – Yes/No: Yes

Description of how you have complied: The data from the consultation does not need to be kept up to date as it represents the participants' views and circumstances at the point of collection. (See Principle 5 for deletion).

7.5 Principle 5 – kept for no longer than necessary, anonymization

Compliant – Yes/No: Yes

Description of how you have complied: Review measures will be in place to ensure that the data will be kept for no longer than is necessary. Reviews will take place annually, with data destroyed when its retention is no longer required.

7.6 UK GDPR Articles 12-22 – data subject rights

Compliant – Yes/No: Yes

Description of how you have complied: Data subject rights are outlined in the standard privacy policy linked to from the consultation document.

7.7 Principle 6 - security

Compliant – Yes/No: Yes

Description of how you have complied: Data will be protected from loss or unlawful processing using appropriate methods, including storing electronic data on password protected secure servers.

7.8 UK GDPR Article 44 - Personal data shall not be transferred to a country or territory outside the European Economic Area.

Compliant – Yes/No: Yes

Description of how you have complied: The data gathered is only expected to be transferred within the United Kingdom. The UK is not within the European Economic Area, however the data will not be transferred onward outwith the UK.

Contact

Email: sandeelconsultation@gov.scot

Back to top