We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Advice and guidance

Trauma Responsive Social Work Services Programme: data protection impact assessment

Published
26 March 2025
Directorate
Children and Families Directorate, +3 more … Local Government and Housing Directorate, Mental Health Directorate, Social Care and National Care Service Development
Topic
Children and families, Communities and third sector, Education, +3 more … Health and social care, Public sector, Work and skills
ISBN
9781836914075

Data Protection Impact Assessment (DPIA) for the Trauma Responsive Social Work Services Programme.

View supporting documents Supporting documents

UK General Data Protection Regulation (UK GDPR) principles

Principle Compliant Description of how you have complied
Principle 1 – fair and lawful, and transparent Yes

Data collection purpose and duration set out in privacy agreement in Annex A.

Data Protection Act 2018 Article 6(1)(e) - 'processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Lawful basis for processing under public task is s9. of the Social Work (Scotland) Act 1968.

Lawful basis for processing under UK General Data Protection Regulation (UK GDPR) Article 9 – special category data is Schedule 1 Paragraph 2 of Data Protection Act (DPA) 2018 6. Provision of social care
Principle 2 – purpose limitation Yes 7 years for the purpose of further learning opportunities, and communication with participants.
Principle 3 – adequacy, relevance and data minimisation Yes Form details the basic level of data that is need for overall evaluation and communication of the project.
Principle 4 – accurate, kept up to date, deletion Yes

The TRSWS will be responsible of ensuring that data is accurate and kept up to date.

All information obtained will be stored securely on Scottish Government servers, and used for evaluation purposes and future programme planning.

Any information provided that is not relevant will be deleted.

Any personal and contact details will be deleted following the outlined retention period.
Principle 5 – kept for no longer than necessary, anonymization Yes

Personal data – email address will be kept for a maximum period of 7 years to contact participants regarding any changes to privacy notice and for evaluation to ensure that pre and post training data are linked together.

Participants can notify the TRSWS team to request that their data is deleted.
UK GDPR Articles 12-22 – data subject rights Yes Privacy note can be found at Engagement with the Trauma Responsive Social Work Services Programme: privacy notice - gov.scot.
Principle 6 - security Yes

All data will be held securely on ERDM and be accessed by relevant members of the TRSWS team and contracted evaluator.

Staff have completed Scottish Government training with regards to ERDM and Data Protection in general.

Processors may be used for other data. Risks identified below.

See contract details for Qualtrics online.
UK GDPR Article 44 - Personal data shall not be transferred to a country or territory outside the European Economic Area. Yes

The TRSWS team will not transfer data outwith the European Economic Area.

Individuals may complete MS Forms where Scottish Government receive that data. It is unclear where this is stored by Microsoft.

Individuals may also complete Qualtrics XM survey. This data is stored on Qualtrics XM servers in UK. More information in data processor section of DPIA.

Contact

Email: TRSWS@gov.scot

Back to top