Our website uses cookies. See our cookies page for information about them and how you can remove or block them. Click here to opt in to our cookies

Data Protection

Creative Scotland is committed to protecting the rights and privacy of individuals in accordance with data protection laws. We need to process certain information about our staff, customers, and other individuals that we have dealings with for administrative purposes. To comply with respective data protection laws, information collected about individuals must be used fairly, stored safely and securely and not disclosed to any third party unlawfully.

You have the right to ask us to inform you whether we use any personal information relating to you and to provide you with a copy.

How to request personal data

You can request a copy of any personal data we hold about you by making a subject access request (SAR) and completing a Subject Access Form and returning it by email or post to either:



Information & Records Management Officer, Creative Scotland, Waverley Gate, 2-4 Waterloo Place, Edinburgh, EH1 3EG.

When contacting us you should give details of where your personal data may be held to help us trace your records, including, if possible, names of departments involved and approximate dates.

You should also provide proof of identity - acceptable forms of ID include:

  • copy or scan of the photograph page of your passport or
  • copy or scan of your photocard driving licence or
  • copy or scan of at least two utility bills/bank statements from the last six months detailing your name and current address

What happens next?

We will acknowledge your request in writing and provide you with a reference number.

Once we are satisfied that you meet the criteria for disclosure of data under the General Data Protection Regulation (GDPR), and you have provided sufficient information, you should receive a response within 30 days from the date that we accept your application for processing.

If you have any queries email the Information & Records Management Officer at vickieambrose@creativescotland.com.

More about Data Protection

Information Commissioner's Office

The Information Commissioner's Office can provide help and advice to assist businesses and public bodies in meeting the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Data Protection Act 2018

The Data Protection Act 2018 is a comprehensive legal framework for data protection in the UK, supplemented by the GDPR until the UK leaves the EU. The Data Protection Act 2018 modernises data protection laws in the UK to meet the needs of our increasingly digital economy and society. While the UK remains a member of the EU, all the rights and obligations of EU membership remain in force.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). This legislation became enforceable from 25 May 2018.