If calling please ask for: Kenny
McKaig 01382 434577
Freedom of Information (Scotland) Act 2002 – 20200819003
I refer to your request of 19/08/2020
In regards to 1d.Section 17, of the of the Freedom of Information (Scotland) Act 2002 provides that Scottish public
authorities are not obliged to comply with a request for information if the authority does not hold the information.
The Council does not hold records of the information you have requested.
Also, 1i., Section 38(1)(b) and (2)(A) of the Freedom of Information (Scotland) Act 2002 provides that information is
exempt and does not have to be disclosed if it constitutes the personal data of a third party. The information you have
requested constitutes the personal data of a third party.
For these reasons I refuse these parts of your request.
The information which I can provide is contained in the document attached,
1. Could you let me know?
a. What position in the Council is designated as Senior Information Risk Owner (SIRO)?
b. The name of your Data Protection Officer (DPO)?
c. Job title of the DPO, if not just DPO?
d. If the DPO also has other duties, approximately how much of their time is spent on DPO work?
e. If the DPO has other responsibilities, has a risk assessment been carried out to ensure that any potential
conflicts of interest as identified in the GDPR and the guidance from the European Data Protection Board
are managed? If so, has this been reviewed in light of the recent decision of the Belgium Data Protection Authority (28 April 2020): https://edpo.com/news/dpo-and-conflict-of-interest-50-000e-fine-by-the-belgian-
f. The line manager of the DPO – i.e. the post that the post holder reports to. Is it the SIRO?
g. Who the DPO reports to in their role as DPO if that differs from the line manager? Is it the SIRO?
h. At what spinal point is the DPO paid?
i. Key relevant qualifications that the DPO and SIRO hold or relevant training completed.
2. And could you provide the relevant extract of the Council’s Organisational Chart that shows the DPO, the
DPO’s line manager, the post holder that the DPO reports to, the SIRO and Chief Executive?
Your Right to Appeal
If you are unhappy with this reply you may require the Council to review its actions and decisions in relation to your
The requirement for review must:-
be in writing or other permanent form (please address it to me);
state your name and give an address for correspondence;
specify the original request for information and the matter which gives rise to your dissatisfaction; and
be made within 40 working days of the date of this response, although the Council may, if it considers it
appropriate to do so, consider requirements for review after that time has passed.
Your requirement for review will be dealt with by the Chief Executive. He will reply to you in writing promptly and in any
event within 20 working days. He may:-
confirm my decision with or without modification;
substitute a different decision for my decision;
and will give you his reasons for so doing. If you are unhappy with the Chief Executive's decision you may then appeal
to the Scottish Information Commissioner. You must submit your appeal to the Scottish Information Commissioner
within six months of receiving the Chief Executive's decision.
Further details on the Scottish Information Commissioner's appeal procedure can be found using the direct link
www.itspublicknowledge.info/Appeal or email email@example.com or telephone (01334) 464610 or write
to Scottish Information Commissioner, Kinburn Castle, Doubledykes Road, St Andrews, Fife, KY16 9DS.