[Withdrawn] Personal data processing: fair processing notice
Updated 17 February 2017
© Crown copyright 2017
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/personal-data-processing-fair-processing-notice/personal-data-processing-fair-processing-notice
The way we process data relating to financial transactions will be changing from September 2016. This includes personal data that relates to your interaction with us. Some of the data may be processed offshore by our services provider, Shared Services Connected Limited (SSCL), who manage our back office services through Centres of Excellence in the UK and in India.
SSCL has been contracted by the following organisations to provide back office services as part of the Next Generation Shared Service (NGSS) Programme for government:
- Animal and Plant Health Agency
- Cabinet Office
- Committee for Climate Change
- Department for Business, Energy & Industrial Strategy
- Department for Environment, Food and Rural Affairs
- Department for Work and Pensions
- Department of Education
- Environment Agency
- Food Standards Agency
- Health and Safety Executive
- Marine Management Organisation
- Ministry of Justice
- Natural England
In this case, offshoring relates to the practice of processing data outside of the UK and is standard practice for many UK private and public sector organisations, which often offshore some non-customer facing transactional work.
Data security
No data is held offshore. All data (including personal data) is held on UK systems. Some transactional data is processed in offshore centres, which involves accessing the data to complete particular tasks.
SSCL has ensured that the security of data follows Government Information Assurance Standards, Good Practice Guides and is in line with the Government Security Policy Framework. All shared service data is handled, processed and transmitted in accordance with these security requirements taking into account government security policies. Business controls and checks are owned by UK teams and applied in the offshore teams who are audited on a regular basis.
This practice complies with the Data Protection Act 1998 (DPA) and has been subject to close scrutiny and evaluation by government accreditors and independent experts to ensure data handling meets the expected standards. Organisations remain the data controllers in respect of any personal data that you provide. Organisations may be required to release information, including personal data and commercial information, on request under statutory obligations such as the Freedom of Information Act 2000. However, organisations will not permit any unwarranted breach of confidentiality nor will we act in contravention of our obligations under the Data Protection Act 1998.
We may use information, including personal data, to test computer systems to ensure that they work effectively and efficiently and to develop new systems in order to improve efficiency and the service that we provide to you and other persons. Any use of information for testing or developing computerised systems will be conducted in a secure manner in accordance with the Data Protection Act 1998 to safeguard the privacy of the information that you have supplied.