Guidance

Global Supply Chain Intelligence Programme (GSCIP) privacy notice

Published 23 July 2024

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/global-supply-chain-intelligence-programme-gscip-privacy-notice/global-supply-chain-intelligence-programme-gscip-privacy-notice

The Department for Business and Trade (DBT) is committed to treating your personal data responsibly, in accordance with UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018. A reference to data is a reference to personal data and criminal offence data as defined in UK GDPR and DPA

This notice explains: 

  • why we collect your data 
  • what data we collect 
  • who we may share your personal data and criminal offence data with 
  • how long we will keep your data for 
  • when we will review processing of your data 
  • your data rights  
  • how to contact DBT

Personal data means any information relating to an identified or identifiable living person. 

Criminal offence data is information about offenders or suspected offenders in the context of criminal activity, allegations, investigations or proceedings. It includes not just data which is obviously about a specific criminal conviction or trial but may also include personal data about unproven allegations and a wide range of related security measures. This includes conditions or restrictions placed on an individual as part of the criminal justice process or civil measures which may lead to a criminal penalty if not adhered to. 

1. Why we collect your data  

The Global Supply Chains Intelligence Programme (GSCIP) improves visibility of the UK’s supply chains by combining several large commercial datasets. 

DBT processes personal data and criminal offence data received from third party commercial suppliers, particularly in relation to sole traders, partnerships, company directors, shareholder or persons on internationally published sanctions lists. 

The commercial datasets used by GSCIP are as follows: 

Supplier Data Type
Bloomberg Global supply chain relationships, global geolocation facility
Interos Upstream and downstream relationships, operational and supply chain resilience
Factset Multiple including: sanctions, shipping transactions, revenue and relationships
Global Data Full datasets for 1) drugs (pipeline and marketed), 2) drugs by manufacturer, 3) medical devices marketed products, 4) factory finder
Z2 Electronic component location datasets
Verisk Global risk analytics, commodity risk and new industry risk datasets
Moody’s GRID data

1.1 Lawful basis for processing personal data and criminal offence data 

The processing of personal data and criminal offence data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Department for Business and Trade (see ‘public task lawful basis’ in Article 6(1)(e) UK GDPR).  

Further, the processing of criminal offence data is necessary for the exercise of a function of the Crown, a Minister of the Crown or a government department and is necessary for reasons of substantial public interest (statutory and government purposes in paragraph 6 of schedule 1 DPA). Processing is also necessary for the purposes of the prevention or detection of an unlawful act. Processing must be carried out without the consent of the data subject so as not to prejudice those purposes, and is necessary for reasons of substantial public interest (preventing or detecting unlawful acts in paragraph 10 of schedule 1 DPA).

Under section 13 of the Trade Act 2021, a public function relating to trade include, among other things, functions relating to: 

  • the analysis of the flow of traffic, goods and services into and out of the United Kingdom
  • the analysis of the impact, or likely impact, of measures or practices relating to imports, exports, border security and transport on such flow
  • the design, implementation and operation of such measures or practices

The public functions relating to trade that DBT will use your personal data and criminal offence data for include (but are not limited to) consulting on departmental policies or proposals, or obtaining opinion data, in order to develop good and effective trade policies. In this case, the task  will include:  

  • helping UK businesses with legal compliance relating to trade measures
  • making effective policy on UK supply chain resilience and diversification
  • improving analysis of export controls and sanctions
  • improving UK export growth
  • designing an effective tariff policy that reflects the independent UK position on the issues and takes account of our international rights and obligations

The personal data and criminal offence data will also be processed for the purposes of GSCIP operational activity that is a function relating to trade. In the case the task will include: 

  • company and stakeholder engagement 
  • legal compliance purposes 
  • company due diligence purposes  

We may also use your contact details to get in touch with you to discuss your data or to get in touch to discuss other trade related issues.  

Personal data may also be collected for statistical data, for example in relation to the types of individuals and groups.  

2. What data we collect   

Personal data that may be processed includes: 

  • name  
  • address  
  • email address  
  • name of organisation or business you represent 
  • whether you or the organisation or business you represent are sanctioned 
  • sole trader company name 
  • age 
  • director/shareholder information 
  • individuals on public sanctions list 

Criminal offence data of those on the public sanctions list that may be processed includes: 

  • name 
  • address 
  • date of birth 
  • nationality 
  • positions 
  • adverse media information 

3. Who we may share your personal data and criminal offence data with 

Your personal data and criminal offence data will be processed and shared within DBT and with selected third parties. 

Third parties with whom your data may be shared with are 

  • the Department for Science, Innovation and Technology (DSIT
  • the Department for Energy Security and Net Zero (DESNZ
  • HM Revenue and Customs (HMRC
  • HM Treasury (HMT
  • the Foreign Commonwealth and Development Office (FCDO
  • the Ministry of Defence (MOD
  • Cabinet Office Crown Commercial Service (CCS)  
  • the Office for National Statistics (ONS
  • our data processor, Altana 
  • law enforcement agencies
  • Export Control Joint Unit (ECJU)
  • the Information Commissioner’s Office (ICO
  • the National Audit Office (NAO
  • the Government Internal Audit Agency (GIAA
  • other government departments  

  We will not:  

  • sell or rent your data to third parties   
  • share your data with third parties for marketing purposes. 

We will also share your data if we are required to do so by law or regulation. For example, by court order, or to prevent fraud or other crime.     

4. How long we will keep your data for  

We will only keep your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  

5. When we will review processing of your data 

Processing of personal data and criminal offence data will be reviewed annually or more frequently, if necessary. 

6. Your rights   

You have the right to request a copy of the personal data that we hold about you. You also have additional rights that refer to how DBT holds and uses your information.    

Consequently, under certain circumstances, by law you have the right to:  

  • raise an objection to how your personal data is processed
  • request to have your personal data deleted where there is no compelling reason for its continued processing and provided that there are no legitimate grounds for retaining it
  • request your personal data to be rectified if it is inaccurate or incomplete
  • not be subject to automated decision-making, including profiling
  • request details about how your personal data is processed and to request a copy of your personal data

7. How to contact DBT  

Our contact details are:  

Data Protection Officer, Old Admiralty Building, Admiralty Place, Whitehall, London SW1A 2DY 

 Email: data.protection@businessandtrade.gov.uk   

You have a right to complain to us if you think we have not complied with our obligation for handling your personal information. You can contact our Data Protection Officer using the same contact details provided above.   

If you are not satisfied with the DBT’s response you have a right to complain to the Information Commissioner’s Office (ICO).  You can report a concern by visiting the ICO website.   

For more information about your rights under the UK GDPR and Data Protection Act 2018 or to request a copy of any personal data held about you please contact data.protection@businessandtrade.gov.uk.   

Back to top