Publication - Impact assessment

Energy Performance of Buildings (Scotland) Regulations 2025: data protection impact assessment

Published: 10 October 2025
From: Cabinet Secretary for Housing, +3 more … Cabinet Secretary for Climate Action and Energy, Director of Energy and Climate Change, Director-General Net Zero
Directorate: Energy and Climate Change Directorate
Topic: Energy, Environment and climate change, Housing, +1 more … Work and skills
ISBN: 9781806432264

Data protection impact assessment (DPIA) produced as part of our intention to lay updated Energy Performance Certificate (EPC) regulations in October 2025. This DPIA has considered the evidence to understand any potential data protection outcomes from the reform of EPCs.

Supporting documents

Data Protection Officer (DPO) advice

1) This Data Protection Impact Assessment will be reviewed and updated as necessary, to reflect any changes to the processing of personal data.

2) Purpose of the Data Protection Impact Assessment

To ensure that the processing of EPC data, and any subsequently published EPC data, is compliant with General Data Protection Regulation (GDPR), and the Data Protection Act 2018.

Information collected and published for Energy Performance Certificates does not include personal data. However, Scottish Government has undertaken this DPIA as the EPC data is published, and therefore publicly available. EPC data could be combined with other publicly available datasets (e.g. Electoral Register), to disclose information relating to the individual.

EPC data is collected under public task, and publication is necessary to perform a task in the public interest. Any third party that acquires published EPC data must process the data in accordance with data protection legislation.

Contact

Email: EPCenquiries@gov.scot

Thanks for your feedback