Our website uses cookies. See our cookies page for information about them and how you can remove or block them. Click here to opt in to our cookies

Data Protection

Creative Scotland is committed to protecting the rights and privacy of individuals in accordance with the Data Protection Act 1998. We need to process certain information about our staff, customers, and other individuals that we have dealings with for administrative purposes. To comply with the Act, information collected about individuals must be used fairly, stored safely and securely and not disclosed to any third party unlawfully.

You have the right to ask us to inform you whether we use any personal information relating to you and to provide you with a copy.

How to request personal data

You can request a copy of any personal data we hold about you by making a subject access request (SAR) under the Data Protection Act 1998, by completing a Subject Access Form and returning it by email or post to either:

vickieambrose@creativescotland.com

or

Information & Records Management Officer, Creative Scotland, Waverley Gate, 2-4 Waterloo Place, Edinburgh, EH1 3EG.

When contacting us you should give details of where your personal data may be held to help us trace your records, including, if possible, names of departments involved and approximate dates.

You should also provide proof of identity - acceptable forms of ID include:

  • copy or scan of the photograph page of your passport or
  • copy or scan of your photocard driving licence or
  • copy or scan of at least two utility bills/bank statements from the last six months detailing your name and current address

What happens next?

We will acknowledge your request in writing and provide you with a reference number for your application and confirm if a £10 subject access request fee will be required.

Once we are satisfied that you meet the criteria for disclosure of data under the Data Protection Act, and you have provided sufficient information, you should receive a response within 40 days from the date that we accept your application for processing.

If you have any queries email the Information & Records Management Officer at vickieambrose@creativescotland.com.

More about Data Protection

Information Commissioner's Office

The Information Commissioner's Office can provide help and advice to assist businesses and public bodies in meeting the requirements of the current Data Protection Act and the forthcoming General Data Protection Regulation.

Data Protection Act 1998

The Data Protection Act 1998 is a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system. It regulates the processing of personal data and protects the rights of individuals whom the data is about.  This is the current legislation that the UK should comply with until 25 May 2018.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). This is new legislation which will take effect from 25 May 2018.

Data Protection Bill

The Data Protection Bill will replace the 1998 Act to provide a comprehensive legal framework for data protection in the UK, supplemented by the GDPR until the UK leaves the EU. The Bill modernises data protection laws in the UK to meet the needs of our increasingly digital economy and society. While the UK remains a member of the EU, all the rights and obligations of EU membership remain in force. When the UK leaves the EU, the GDPR will be incorporated into the UK’s domestic law under the European Union (Withdrawal) Bill, currently before Parliament.