Guidance

Government Security Profession Database privacy notice

Updated 19 November 2020

© Crown copyright 2020

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/government-security-profession-database-privacy-notice/government-security-profession-database-privacy-notice

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

1. Your data

1.1 Purpose

The purpose for which we are processing your personal data is to collect data about members of the government security profession in all government organisations. This information – the Government Security Profession Database – will be used to:

  • Provide government organisations with an up-to-date picture of the security profession in each department and across government. This can better inform people and capability delivery plans.
  • Prepare organisations and the profession to better anticipate and prepare for changes as we start to track and understand workforce patterns.
  • Continue to build an understanding of the security profession and its make up.
  • Enable tracking implementation and iteration of various initiatives such as the career framework and location strategy.
  • Help manage future demand by understanding where we need to invest in capability initiatives.
  • Provide diversity and inclusion insight to establish risk level of groupthink within the security profession, and inform future recruitment campaigns.
  • Provide data related to cyber roles to inform Digital, Data and Technology (DDaT) Profession HMT Cyber Pay case.
  • Enable us to administer GSP managed learning in collaboration with your organisation.

1.2 The data

We will process the following personal data: work location, Job title, employment types and status, FTE, basic pay and allowances, contractor rates.

We will also collect the following data to help us map the profession framework: job family, job role, capability levels and grade

We will collect the following diversity and inclusion data: gender, age, ethnicity, disability, sexual orientation, religion, carer responsibilities.

The legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is that processing is necessary for developing the Government Security Function.

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. The legal bases for processing your sensitive personal data are:

  • Processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department. In this case that is to carry out equality monitoring on the government security profession.
  • Processing is of data concerning ethnicity, religious or philosophical belief, health including disability or sexual orientation, and it is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with a view to enabling such equality to be promoted or maintained.
  • It is necessary for archiving purposes, scientific or historical research purposes or statistical purposes, and it is in the public interest.

1.4 Recipients

Your personal data will be shared by us with your organisation’s security advisers or equivalent, HR, or other collating arms. It will also be shared with the DDaT Profession Workforce Insights and Analytics team in the Cabinet Office.

We will share aggregated data with other government departments and public bodies.

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.

1.5 Retention

Your personal data will be kept by us for 5 years to allow for trend analysis over a period of time.

We will keep aggregate depersonalised data indefinitely.

Where personal data have not been obtained from you

Your personal data were obtained by us from your employing organisation.

2. Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You may have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data.

3. International transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

4. Contact details

The Cabinet Office and your employer are joint data controllers for your data. That is because we both use the data for some or all of the purposes set out above.

The lead data controller for your personal data is the Cabinet Office. The contact details for the Cabinet Office are: Cabinet Office, 70 Whitehall, London, SW1A 2AS, or 0207 276 1234, or publiccorrespondence@cabinetoffice.gov.uk.

The contact details for the lead data controller’s Data Protection Officer are: Stephen Jones, Data Protection Officer, Cabinet Office, Room 405, 70 Whitehall, London, SW1A 2AS, or dpo@cabinetoffice.gov.uk.

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

5. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or casework@ico.org.uk. Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Back to top