Guidance

Government Digital and Data functional workforce plan privacy notice

Updated 29 November 2023

© Crown copyright 2023

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/digital-data-and-technology-ddat-functional-workforce-plan-privacy-notice/ddat-functional-workforce-plan-privacy-notice

The aim of the Government Digital and Data functional workforce plan is to provide a view of the entire digital, data and technology landscape across government.

This view will be created by collecting data on positions, resources and people within Government Digital and Data functions across government departments.

This data is used for insights, analysis and reporting, enabling:

  • departments to better understand their workforce
  • an understanding of cross government trends
  • the identification of capability gaps or opportunities

The Government Digital and Data functional workforce plan is provided by the Central Digital and Data Office (CDDO) which is part of the Cabinet Office. The data controller for CDDO is the Cabinet Office - a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.

What data we collect from the public sector

The data includes:

  • job role
  • job family
  • role level
  • grade
  • location
  • pay
  • resource type
  • role status

The following special category data items may be collected at individual role level:

  • ethnicity
  • religious belief
  • disability
  • sexual orientation

The data collected is at individual level. None of the information collected will be attached to any direct identifiers, such as names, email addresses or staff numbers.

The legal basis for processing this data is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The legal basis for processing the special category data is: equality of opportunity or treatment (to identify or keep under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained).

Why we need the personal data

The data informs a number of different workstreams, supporting the implementation of the Government Digital and Data Capability Framework, gaining an understanding of the different dynamics in play across departments. This assists the implementation of the Pay Framework and Pay Approach and the development of the SCS Framework.

The data is necessary in providing a cross-government view of the Government Digital and Data profession, which aids advancements in each of these workstreams. The data will also help to build a diversity and inclusion strategy, accurately baselining and measuring the success of future digital, data and technology diversity initiatives.

What we do with your data

In addition to being used for insights, analysis and reporting, the outputs produced are also shared with senior leaders and decision makers within departments, including functional leaders, human resource departments, strategic workforce planners and capability leads.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only keep your personal data for as long as:

  • the law requires us to
  • we need for the purposes listed above

This means that we will only hold your personal data for 5 years, after which it will be deleted.

Where your data is processed and stored

We design, build and run our systems to make sure that personal data is as safe as possible at any stage, both while it’s processed and when it’s stored.

The personal data may be transferred outside the United Kingdom while being processed by CDDO. If this happens, we’ll make sure it is given the same level of technical and legal protection as within the United Kingdom.

Who we share your data with

As your personal data will be stored on our IT systems, it will also be shared with our data processors who provide email, document management and storage services.

While your personal data is stored on our systems and shared with our data processors, it may be transferred and stored securely outside the United Kingdom. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties that process personal data for CDDO are required to keep that data secure.

Your rights

You have the right to request:

  • information about how your personal data is processed, and to request a copy of that personal data
  • that any inaccuracies in your personal data is rectified without delay
  • that any incomplete personal data is updated - you can include the missing information in your request
  • that your personal data is erased if there is no longer a justification for it to be processed
  • that the processing of your personal data is restricted in certain circumstances - for example, where accuracy is contested

If you gave your consent for us to collect and process your data, you have the right to:

  • withdraw your consent - this can be done at any time
  • request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format

Questions and complaints

Contact the Government Digital Service (GDS) Privacy Office if you:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled
  • want to make a subject access request (SAR)

Cabinet Office (Government Digital Service)
The White Chapel Building
10 Whitechapel High Street
London
E1 8QS

Email: gds-privacy-office@digital.cabinet-office.gov.uk

The contact details for the data controller’s Data Protection Officer are:

Data Protection Officer

Cabinet Office
70 Whitehall
London
SW1A 2AS

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

If you consider that your personal data has been misused or mishandled, you can make a complaint to the Information Commissioner, who is an independent regulator.

Information Commissioner's Office

Email icocasework@ico.org.uk

Contact form https://ico.org.uk/glo...

Telephone 0303 123 1113

Textphone 01625 545 860

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Changes to this notice

We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, CDDO will take reasonable steps to make sure you know.

Back to top