Information assurance and data protection: appropriate policy document

How we meet legal obligations and requirements under data protection law, and how we protect special category and criminal convictions personal data and processing for the purposes of law enforcement.


Roles and responsibilities

The Permanent Secretary, as Accountable Officer (AO), has overall responsibility for data protection within the Scottish Government.

The Director General of Corporate is designated as the Scottish Government’s Senior Information Risk Owner (SIRO).

The Data Protection Officer (DPO) is responsible for data protection assurance and compliance, and reports key findings and recommendations to the Executive Team.

Information Asset Owners (IAO) are responsible for maintaining, registering and safeguarding information assets. IAOs also have a responsibility to ensure compliance with data protection law within their business area.

Information Assurance and Data Protection Branch provide advice and guidance and training to the staff of the Scottish Government.

Contact

Information Assurance and Data Protection Branch: dpa@gov.scot

Back to top