Skip to content

Our Commitment to Data Privacy

Scottish Government and Scottish Local Authorities are committed to compliance with the EU General Data Protection Regulation (GDPR), which came into effect on May 25th 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.

What Are the Key GDPR Requirements

Scottish Government and Scottish Local Authorities are committed to fulfilling their requirements under the GDPR. The following are a few examples of the key GDPR requirements that apply to the Scottish Government (as a processor) and Scottish Local Authorities (as controllers):

  • Committing to security and privacy measures required under the GDPR. 

  • Assisting our customers with satisfying their GDPR data security and privacy requirements, notifying regulators of personal data breaches on our systems and promptly communicating any such breaches to our stakeholders and end-users. 

  • Ensuring when our staff that access and process our users’ personal data they are bound to maintain the confidentiality and security of that data. 

  • Ensuring that all personal data is held to the applicable data management, security and privacy standards required under the GDPR.
  • Committing to carrying out data impact assessments and consulting with the Information Commissioner’s Office where appropriate..

Privacy Information

We will apply appropriate protection and management of any personally identifiable information you share with Scottish Government for the purpose of the Scottish National Standardised Assessments (SNSA). Any personal information provided will be held and processed by Scottish Government and its sub-processers ACER International (UK) Limited and TWIG World Limited in accordance with the Data Protection Act 2018 (DPA) and the GDPR. Your details will not be passed onto any other third party unless you give your Local Authority permission to do so.

Privacy Notice – How We Process Your Personal Information

Any personal information provided to Scottish Government and Scottish Local Authorities will only be used for the purposes of SNSA, to discharge our statutory functions or for our official functions and to maintain our accounts and records. We will only use information for those purposes, but we will share it with others for other purposes where it is legal and justifiable. At the Scottish Government and within Scottish Local Authorities, we manage, maintain and protect all information according to the requirements of the GDPR, DPA and other legislation. We also adhere to our own information policies and government best practice.

In certain circumstances, we may process your personal information without your consent, and/or we may restrict your access to the information we hold about you. Such circumstances would only arise in relation to our statutory obligations. In these circumstances, there are exemptions from the GDPR and the DPA.

How to Contact Us 

If you want to request information about our privacy policy, you can email the SNSA team on