Dear Caroline Smith

Request for information: Data Protection Officer

Thank you for your information request which we have logged as reference
argyllbuteir:11897.

It has been passed to the relevant service(s) for attention and you should
receive a response under either the Freedom of Information (Scot) Act 2002
or the Environmental Information (Scotland) Regulations 2004 by 2020-09-17
00:00:00. We hope to respond within this timescale but, due to the
staffing/capacity issues with COVID-19, some requests may take little
longer.

Please quote the reference number above in any correspondence you may have
with the Council in regard to this request.

Regards

FOI Officer

Privacy information: Any personal information you have provided in
relation to this request will be used only for the intended purpose -
please read the full privacy notice to find out more about how your
personal information will be handled, and your rights under data
protection legislation.

Classification: OFFICIAL

Dear Ms Smith

Request for information: Data Protection Officer

Reference: argyllbuteir:11897.

I refer to your request for information which was dealt with in terms of
the Freedom of Information (Scotland) Act 2002 (FOISA).

1. Could you let me know?

a. What position in the Council is designated as Senior Information Risk
Owner (SIRO)? Executive Director Customer Services

b. The name of your Data Protection Officer (DPO)? Iain Jackson

c. Job title of the DPO, if not just DPO? Governance, Risk and Safety
Manager

d. If the DPO also has other duties, approximately how much of their time
is spent on DPO work? 35%

e. If the DPO has other responsibilities, has a risk assessment been
carried out to ensure that any potential conflicts of interest as
identified in the GDPR and the guidance from the European Data Protection
Board are managed? If so, has this been reviewed in light of the recent
decision of the Belgium Data Protection Authority (28 April 2020):
[1]https://edpo.com/news/dpo-and-conflict-o... I have to advise that the
information you requested is information not held by the Council and as
such I must refuse your request in terms of Section 17 of FOISA.

However, in line with the duty placed on the Council in terms of Section
15 of FOISA, I can advise that no risk assessment has been carried out  

f. The line manager of the DPO – i.e. the post that the post holder
reports to. Is it the SIRO? Yes, in regard to Data Protection issues but
line manager for other responsibilities is Head of Legal and Regulatory
Support

g. Who the DPO reports to in their role as DPO if that differs from the
line manager? Is it the SIRO? See response at f.

h. At what spinal point is the DPO paid? LGE14

i. Key relevant qualifications that the DPO and SIRO hold or relevant
training completed. DPO - is a qualified solicitor who also holds a Data
Protection Practitioners Certificate from PDP.

2. And could you provide the relevant extract of the Council’s
Organisational Chart that shows the DPO, the DPO’s line manager, the post
holder that the DPO reports to, the SIRO and Chief Executive? I have to
advise that the information you requested is information not held by the
Council and as such I must refuse your request in terms of Section 17 of
FOISA.

However, in line with the duty placed on the Council in terms of Section
15 of FOISA, I can advise this information 'not held' the Council's
Organisational Chart doesn't go into that level of detail

If you are dissatisfied with the way in which your request for information
has been dealt with you are entitled to request a review by writing to the
Executive Director Customer Services, Argyll and Bute Council, Kilmory,
Lochgilphead, Argyll PA31 8RT, or by email to [Argyll and Bute Council request email].

Your request for review must state your name and address for
correspondence, specify the request for information to which your request
for review relates and why you are dissatisfied with the response. 

You must make your request for review not later than 40 working days after
the expiry of the 20 working day period for response to your initial
request by the Council, or not later than 40 working days after the
receipt by you of the information provided, any fees notice issued or any
notification of refusal or partial refusal.

If you make an application for review and remain dissatisfied with the way
in which the review has been dealt with you are entitled to make an
application to the Scottish Information Commissioner, Kinburn Castle,
Doubledykes Road, St Andrews, Fife KY16 9DS (Tel: 01334 464610) for a
further review. You can now do this online here -  
www.itspublicknowledge.info/Appeal.

You must make representation to the Scottish Information Commissioner no
later than 6 months after the date of receipt by you of the notice or
decision you are dissatisfied with or within 6 months of the expiry of the
period of 20 working days from receipt by the Council of your request for
review.

Yours sincerely,

David Sinclair

Compliance and Regulatory Assistant

Legal and Regulatory Support/Compliance

Argyll & Bute Council

Kilmory

PA31 8RT

Tel:01546604352

[2]roundel_fc_cmyk_with_initials_signature_0_0[3]cid:image002.jpg@01D5F307.F33AB810

dangos adrannau a ddyfynnir