The Cross-border Placement of Children (Requirements, Effect and Enforcement) (Scotland) Regulations 2026: Data Protection Impact Assessment

3. Data Controllers

3.1 Organisation

Scottish Ministers

3.2 Activities

The Regulations introduce a role for Scottish Ministers in relation to enforcement and the provision of advocacy.

Enforcement: Where Scottish Ministers believe that a placing authority has failed to comply with certain duties under the Regulations, they may issue a notice of their intention to apply to the sheriff court to enforce compliance with those duties.

Advocacy: Scottish Ministers are responsible for ensuring that all children temporarily placed into residential care in Scotland from other UK jurisdictions are offered advocacy support. On receiving notification of a new placement (or move to a new residential setting), Scottish Ministers will share relevant information with the appropriate advocacy provider within the local authority area where the child has been placed.

To effectively carry out these duties, Scottish Ministers must have access to key information that enables them to identify the child, the placement, and relevant contacts.

3.3 Is the organisation a public authority or body as set out in Part 2, Chapter 2, Section 7 of the Data Protection Act 2018?

Yes

3.4 Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 6 for the collection and sharing of personal data – general processing

Article 6(1)(c) – legal obligation

3.5 Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 9 – special category data or Article 10 – criminal convictions data. Include condition from Schedule 1 or 2 of the Data Protection Act 2018

Article 9(2)(g) - substantial public interest

3.6 Law Enforcement – if any law enforcement processing will take place – lawful basis for processing under Part 3 of the Data Protection Act 2018

N/A

3.7 Legal gateway for any sharing of personal data between organisations

N/A