We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Advice and guidance

Scotland's Proof of Concept Fund: data protection impact assessment (DPIA)

Published
13 June 2025
From
Director of Economic Development
Directorate
Economic Development Directorate
Topic
Business, industry and innovation, Economy, Programme for Government
ISBN
9781836916741

The data protection impact assessment provides information on how data collected as part of the proof of concept fund will be handled in line with current data protection laws.

View supporting documents Supporting documents

7. UK General Data Protection Regulation (UK GDPR) principles

Principle

Compliant – Yes/No

Description of how you have complied

7.1 Principle 1 – fair and lawful, and transparent

Yes

Data collection purpose and duration set out in privacy agreement in Annex A. Data Protection Act 2018 Article 6(1)(e) 'processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’

7.2 Principle 2 – purpose limitation

Yes

Data that is collected will be help for as long as necessary.

7.3 Principle 3 – adequacy, relevance and data minimisation

Yes

The basic level of data that is need for overall evaluation and communication of the project.

Special category data that is going to be collected from lead applicant will be to inform policy plans and reports.

7.4 Principle 4 – accurate, kept up to date, deletion

Yes

The future economy team will be responsible for ensuring that data is accurate and kept up to data . All information obtained will be stored securely on Scottish Government servers and used for evaluation purposes and future programme planning. Any information provided that is not relevant will be deleted. Any personal and contact details will be deleted following the outlined retention period.

7.5 Principle 5 – kept for no longer than necessary, anonymization

Yes

Personal data – email address and names of lead applicants will be kept for longer to be able to communicate with lead applicants and so we can contact them regarding any changes to privacy notice and for evaluation to ensure that pre and post training data are linked together. Participants can notify the future economy team to request that their data is deleted.

7.6 UK GDPR Articles 12-22 – data subject rights

-

A privacy notice has been developed and attached in Annex A.

7.7 Principle 6 - security

Yes

All data will be held securely on ERDM and be accessed by relevant members of the Future economy team and contracted evaluator. Staff have completed Scottish Government training with regards to ERDM and Data Protection in general.

7.8 UK GDPR Article 44 - Personal data shall not be transferred to a country or territory outside the European Economic Area.

Yes

The Future economy team will not transfer data out with the European Economic Area.

Contact

Email: spinouts@gov.scot

Back to top