On the 25th May 2018, new data protection law came into force within the UK which impacts how organisations, including the Scottish Fire and Rescue Service manage and process personal information. The new legislation comprises of the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), which replaced the UK’s Data Protection Act 1998.
The main principles of how we must process personal information are similar to the former Act. We must ensure:
- fair processing of personal information and transparency
- personal information must be adequate and relevant for the processing
- personal information must be accurate, kept up to date and kept no longer than necessary
- the legislation provides individuals with rights regarding their personal information; and
- we must ensure the security and integrity of the personal data within our possession.
We have a duty of care to ensure that all personal information, whether it is in relation to our staff, the community, contractors/suppliers, partners or our operational data is handled responsibly and in a fair lawful manner. This is regardless of how it is collected, recorded, used and stored. We only handle personal data for valid business purposes and have a duty to keep it accurate, secure and not to release it to anyone other than those that require the information to do their job. SFRS use a set of internal policies, procedures and a range of guidance to ensure that we comply with the Data Protection legislation.
For the types of personal information that we collect and process, please refer to our list of Privacy Notices below:
Requests concerning personal information
If you want a copy of, or a description of, the personal data we hold that relates to you, please ask in writing, by letter, fax or email. You can use our Subject Access Request form. Please be as specific as possible about the information you want.
We will reply with your information within one month of receipt, or from the day on which we have the necessary information to confirm your identity. There are some lawful restrictions on information we send you, for example, other people’s personal information.
Post: Subject Access Request, Information Governance, Scottish Fire and Rescue Service, Bothwell Road, Hamilton, ML3 0EA
Under the DPA there are exemptions which can restrict the scope of our obligations under the data protection legislation and restrict an individual’s rights. If this is the case, we will ensure that any restriction will respect the rights and freedoms of the individual and will remain a necessary and proportionate measure to safeguard the following:
- National security, public security or crime prevention and investigation issues- in some cases we may be able to release personal information about people to other agencies.
- Other legal priorities- we may be ordered to release or withhold information as a result of legal proceedings.
- Effects on other people- we may need to withhold information for the protection of another individual’s personal information or to uphold the rights and freedoms of others.
The Information Commissioner’s Office’s (ICO) website provides various guidance for the new data protection legislation.
For further assistance about the data protection legislation and how this relates to SFRS, please contact the Data Protection team at SFRS.GDPR@firescotland.gov.uk or if you have a query and would like to talk to us, please call our headquarters switchboard on 0141 646 4500.
Our address for written correspondence is:
Scottish Fire and Rescue Service
Bothwell Road, Hamilton