Charities (Regulation and Administration) (Scotland) Bill: data protection impact assessment

Data protection impact assessment for the Charities (Regulation and Administration) (Scotland) Bill

Data Protection Impact Assessment

Charities (Regulation and Administration) (Scotland) Bill

Version date: 8 November 2022

The purpose of this report is to assess the potential for privacy impacts and GDPR implications associated with proposals that make up the Charities (Regulation and Administration) (Scotland) Bill (the Bill).

This document will also provide an evaluation of how the protection of personal data has been considered and demonstrate how the rights to privacy and confidentiality of the users are appropriately protected through mitigations.

The Bill presents a package of proposals aimed at increasing transparency and accountability in charities, improving the Scottish Charity Regulator's (OSCR's) powers and bringing Scottish charities legislation up to date with key aspects of charity regulation in England, Wales, and Northern Ireland. Although some proposals are more closely linked than others, they are all essentially independent therefore the choice in each case was simply whether to include the proposal in the Bill or not. Each proposal has been examined as a separate entity to ensure that the full range of considerations for each has been considered as part of this assessment

The text of the proposed legislation/amendment is attached at Annex A.

The Bill will enhance transparency and accountability in Scottish charities and increase regulatory powers for OSCR. The Scottish Government has been actively working on a review of Scottish charity law since January 2019. The review has focused on the proposals put forward by OSCR. The Bill does not seek to revisit the fundamental principles of charity law, but to update and strengthen existing charity regulation.

The proposals identified by OSCR broadly focus on increasing transparency and accountability by making information more accessible to maintain public trust and confidence in charities and improving OSCR's powers to deal with misconduct, bridging some of the gaps between Scots charity law and charity law in the rest of the UK. Consultations in 2019 and 2021 showed strong support for all 10 proposals and stakeholders are keen to see changes brought forward. As a result of the consultations two more proposals have been added to the drafting instructions – Introduction of a Record of mergers and a list of technical amendments to the Charities and Trustee Investment (Scotland) Act 2005 (the 2005 Act).

During the drafting process of the Bill the decision was made to remove one of the original 10 proposals relating to the reorganisation of charities established under royal charter, warrant or enactment. This proposal will be considered for future review.

It is important to note throughout this assessment that a lot of what the Bill is doing is conferring functions on OSCR which, as the regulator, is bound by section 1(9) of the 2005 Act[1] to have regard, in the exercise of its functions, to:

  • The principles under which regulatory practice should be proportionate, accountable, consistent, transparent, and targeted only at cases in which action is needed, and
  • Any other principle appearing to OSCR to represent best regulatory practice.

This overarching duty means that OSCR is bound by law to act proportionately and to target its resources only at the cases most needing action.

This Data Protection Impact Assessment (DPIA) works in conjunction with the Article 36(4) ICO consultation form submitted in advance of this, as the proposal requires consultation with the Information Commissioner's Office (ICO).



Back to top