DISCLAIMER:
This duty is currently under review and has not yet been formally signed off by the relevant professional association. The information provided is for reference only and should not be treated as final or authoritative guidance. Please verify any decisions against approved sources or seek professional advice. Updates will be published once sign-off is complete.
Simple terms explainer:
Councils must protect personal data and ensure compliance with data protection legislation. This means implementing robust policies and technical measures to keep personal information secure, using data only for lawful purposes, and respecting individuals’ rights such as access, correction, and erasure. Councils must also train staff, maintain records of processing activities, and report data breaches where required. The aim is to safeguard privacy, uphold public trust, and avoid legal and financial penalties.
Legal status
Statutory
Duty category
Corporate services
Duty type
Compliance
Social determinant of health
Social and community context
Emerging policy and legislation
1
Bodies with shared interest
Information Commissioner’s Office
CyberScotland Partnership
Audit Scotland
Chartered Institute of Information Security
Society of Local Authority Lawyers and Administrators in Scotland (SOLAR)
Chartered Institute of Public Finance and Accountancy (CIPFA)
Standards and frameworks
2