Privacy Policy

Our Commitment to Data Privacy

Scottish Government and Scottish Local Authorities are committed to compliance with the Data Protection Act 2018.

What Are the Key UK GDPR Requirements

Scottish Government and Scottish Local Authorities are committed to fulfilling their requirements under UK GDPR. The following are a few examples of the key UK GDPR requirements that apply to the Scottish Government (as a processor) and Scottish Local Authorities (as controllers):

  • Committing to security and privacy measures required under UK GDPR.
  • Assisting our customers with satisfying their GDPR data security and privacy requirements, notifying regulators of personal data breaches on our systems and promptly communicating any such breaches to our stakeholders and end-users.
  • Ensuring when our staff that access and process our users’ personal data they are bound to maintain the confidentiality and security of that data.
  • Ensuring that all personal data is held to the applicable data management, security and privacy standards required under UK GDPR.
  • Committing to carrying out data impact assessments and consulting with the Information Commissioner’s Office where appropriate.

Privacy Information

We will apply appropriate protection and management of any personally identifiable information you share with Scottish Government for the purpose of the National Standardised Assessments for Scotland (NSA). Any personal information provided will be held and processed by Scottish Government and its sub-processers AlphaPlus Limited, BTL Group Ltd, Method4 Ltd, Microsoft, Cloud Ally and Iron Mountain. in accordance with the Data Protection Act 2018 (DPA) and UK GDPR. Your details will not be passed onto any other third party unless you give your Local Authority permission to do so.

Privacy Notice – How We Process Your Personal Information

Any personal information provided to Scottish Government and Scottish Local Authorities will only be used for the purposes of NSA, to discharge our statutory functions or for our official functions and to maintain our accounts and records. We will only use information for those purposes, but we will share it with others for other purposes where it is legal and justifiable. At the Scottish Government and within Scottish Local Authorities, we manage, maintain and protect all information according to the requirements of UK GDPR, DPA and other legislation. We also adhere to our own information policies and government best practice.

In certain circumstances, we may process your personal information without your consent, and/or we may restrict your access to the information we hold about you. Such circumstances would only arise in relation to our statutory obligations. In these circumstances, there are exemptions from the GDPR and the DPA.

How to Contact Us

If you want to request information about our privacy policy, you can email the NSA team on