The Scottish Information Commissioner
The Scottish Information Commissioner is responsible for enforcing and promoting the right to access information held by public authorities, created by the Freedom of Information (Scotland) Act 2002 and the Environmental Information (Scotland) Regulations 2004 (see below). More information about the Commissioner, the powers of the Office and the legislation can be found on the Information Commissioner's website.
They also publish a page describing the differences between the FOI Act 2000 and the FOI (Scotland) Act 2002.
Data protection and the UK Information Commissioner
The Data Protection Act 2018 and UK-GDPR defines the University's responsibilities concerning the collection, storage, use and transfer of information about living individuals. It also affords certain rights to individuals including the right to see information held about them.
The Act states that personal data must be processed in accordance with the Data Protection principles to ensure that it is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with individuals' rights
- Kept securely
- Not transferred to other countries without adequate protection
Procedural guidance and advice (including Edinburgh Napier's Code of Practice) can be found in our Data Protection Policy Statement.
Information regarding legislation, the rights of individuals and organisations and guidelines regarding specific issues relating to Data Protection and associated legislation can be found on the UK Information Commissioner's website.
The UK Information Commissioner's Office is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
For further information about the interaction between the Freedom of Information and Data Protection Acts please visit the University's Data Protection pages.