Unlocking the value of data - Independent Expert Group: final report

This report is the final output of the Independent Expert Group on the Unlocking the Value of Data programme, to the Scottish Government. This report is a Ministerial commission, and was originally commissioned by the former Minister for Business, Trade, Tourism and Enterprise.


Data Information about people, things and systems. According to the UK Government Data Strategy:

"Data about people can include personal data, such as basic contact details, records generated through interaction with services or the web, or information about their physical characteristics (biometrics) – and it can also extend to population-level data, such as demographics. Data can also be about systems and infrastructure, such as administrative records about businesses and public services. Data is increasingly used to describe location, such as geospatial reference details, and the environment we live in, such as data about biodiversity or the weather. It can also refer to the information generated by the burgeoning web of sensors that make up the Internet of Things."

Data Access Authorised permission and ability to collect, inspect, adjust, copy, and transfer data. This includes how users get access to the data, where it is located, and who owns or is in possession of the data.

Data Controllers Defined in the UK GDPR Art 4(7) as 'the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data'.

According to the ICO:

"Controllers are the main data use decision-makers – they exercise overall control over the purposes and means of the processing of personal data. [...] If you exercise overall control of the purpose and means of the processing of personal data – i.e., you decide what data to process and why – you are a controller."

Data Processors Defined in the UK GDPR Art 4(8) as: 'a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller'.

According to the ICO:

"Processors act on behalf of, and only on the instructions of, the relevant controller. [...] If you don't have any purpose of your own for processing the data and you only act on a client's instructions, you are likely to be a processor – even if you make some technical decisions about how you process the data."

Data Sharing Enabling actions to make the same data available to one or many consumers or users.

Personal Data Defined in the UK GDPR (Article 4(1)) as:

"any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

Private Sector The segment of the economy owned, managed and controlled by individuals and organisations seeking to generate profit. Companies in the private sector are usually free from public or state ownership or control.

Public Sector The organisations run by the government that exist to provide services for the population and communities.

(see also 'Public Bodies').

Public sector personal data Personal data (see above) that is controlled or processed by the Public Sector.

Value Viewed in the broadest terms covering economic, social and/or environmental factors, in a holistic way.

Neither solely or predominantly financial or economic in character, and should also be social and environmental.


Email: christopher.bergin@gov.scot

Back to top