We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Impact assessment

Proposals to extend marine planning zones: updated data protection impact assessment

Published
8 September 2025
From
Minister for Public Finance, +1 more … Cabinet Secretary for Rural Affairs, Land Reform and Islands
Directorate
Marine Directorate, +1 more … Planning, Architecture and Regeneration Directorate
Topic
Building, planning and design, Marine and fisheries
ISBN
9781806431120

Updated data protection impact assessment following end of consultation on proposals to extend marine planning zones and subsequent enactment of the proposals

View supporting documents Supporting documents

7. UK General Data Protection Regulation (UK GDPR) principles

7.1 Principle 1 – fair and lawful (see 4.1), and transparent

Compliant? Yes

The legal basis for processing personal data will be ‘public task’. Scottish government has prepared a privacy statement which is available on the Scottish Government website. Privacy - gov.scot (www.gov.scot)

The Scottish Government would communicate this to consultees before they make their comments in any consultation.

7.2 Principle 2 – purpose limitation

Compliant? Yes

The data will be collected for specific purposes and will not be processed in a manner incompatible with those purposes. The purpose will be clearly explained to respondents prior to responding.

7.3 Principle 3 – adequacy, relevance and data minimisation

Compliant? Yes

The consultation will only gather necessary information to achieve the project’s objectives. Participants are able to input as much information as they would like to open questions, and are able to skip open questions.

7.4 Principle 4 – accurate, kept up to date, deletion

Compliant? Yes

The data from the consultation and analysis does not need to be kept up to date as it represents the participants’ views and circumstances at the point of collection. It will be deleted in accordance with SG retention and disposal strategy (See Principle 5 for deletion).

7.5 Principle 5 – kept for no longer than necessary, anonymization

Compliant? Yes

The data processor will be processing data which is directly identifiable in the dataset. Anonymisation measures are set out in section 5. Review measures will be in place to ensure that the data will be kept for no longer than is necessary for its lawful purpose by the Scottish Government.

7.6 UK GDPR Articles 12-22 – data subject rights

Compliant? Yes

Data subjects rights are set in the SG privacy policy which is to be found in the RIF linked to the consultation process. The data controller will process and manage any requests to exercise the rights of the data subject.

7.7 Principle 6 – security

Compliant? Yes

Data will be protected from loss or unlawful processing using appropriate methods, including storing electronic data on password protected secure severs.

7.8 UK GDPR Article 44 - Personal data shall not be transferred to a country or territory outside the European Economic Area.

Compliant? Yes

The project is not expected to involve the transfer of data outside the EEA. For customers in the EU, Rackspace is its Infrastructure as a Service hosting provider. Rackspace provides and manages the UK data centers in which the Citizen Space site is hosted.

Contact

Email: AquacultureReview@gov.scot

Back to top