The Data Protection and Freedom of Information Office provides the University with advice, expertise, and training on the implications for the University of the General Data Protection Regulation (GDPR) and Data Protection Law, the Privacy & Electronic Communications Regulations (PECR), the Freedom of Information (Scotland) Act (FOISA), the Environmental Information (Scotland) Regulations (EIR), the Section 61 Code of Practice on Records Management, and associated legislation. In particular, the Office:

  • Processes all the Subject Access Requests made to the University under the GDPR.
  • Processes, or provides coordination & advice on, those FOISA Requests made to the University where the Act's exemptions are invoked.
  • Processes non-routine requests for information that are subject to the terms of FOISA.
  • Provides the administrative structure for all the Requests for Review received by the University under FOISA.
  • Coordinates all contact between the University and both the Scottish Information Commissioner and the UK Information Commissioner - including Investigations, Appeals, Notifications, and the Publication Scheme.
  • Makes policy recommendations to the University in those areas of operation where the requirements of the GDPR, FOISA, EIRs, and other information compliance issues impact.
  • Makes policy recommendations to the University on records and information management practices and procedures including record retention schedules.
  • Provides specialist advice in the areas of records and information management to meet the University's strategic initiatives and projects.
  • Provides training courses on the practices required to meet the requirements of the above legislation.
  • Provides detailed advice, on request, on the implications and requirements of the above legislation.
  • Coordinates contact with the University's Lawyers on issues related to the above legislation.
  • Provides web pages on the implications and requirements of the above legislation.
  • Responds to all GDPR Subject Access Requests and FOISA Information Requests within the timescales required by the Acts.
  • Updates, maintains, and seeks to develop the University's Publication Scheme (FOISA) and Notification (GDPR).

Complaints and comments on the above services provided to the University should be directed in the first instance to the Data Protection and Freedom of Information Office.