Privacy notice - cyber security growth and innovation programme evaluations
Published 22 April 2022
1. Who is collecting my data?
The Department for Digital, Culture, Media & Sport (DCMS) helps to drive growth, enrich lives and promote Britain abroad. DCMS is the Data Controller for the purpose of this research.
The Cyber Security Directorate at the DCMS is conducting an evaluation of our cyber security programmes. The purpose of the evaluation is to evaluate the effectiveness of the programmes and inform future policy around cyber security programmes.
Data will be gathered from businesses and organisations who have previously engaged with our cyber security programmes.
DCMS has commissioned RSM, an independent specialist research agency, to conduct the evaluation. RSM will collect personal data on our behalf and will provide us with the anonymised findings. For more information, view the RSM Privacy Notice.
2. Purpose of this privacy notice
This notice is provided to meet our obligations as set out in Articles 13 and 14 of the UK GDPR and the Data Protection Act 2018. This notice sets out how we will use your personal data as part of our legal obligations with regard to Data Protection.
3. What personal data do we collect?
DCMS will collect personal data (name and contact details) related to organisations who have previously taken part or applied to take part in one of our cyber security programmes. This data is obtained from our programme management partners, who collected this data during management of the programmes.
Additional information shall be collected by surveys and interviews conducted by RSM on our behalf.
The personal data that DCMS has shared with RSM for this evaluation is:
- Contact name of individuals who attended the programmes
- Job titles when available
- Telephone number (business contact details)
- Email address (business contact details)
4. How will your data be used?
Your data will be used to:
1.Contact you;
- RSM will use your personal data to contact you, as part of the Cyber Security Programmes Evaluation 2022. This may involve an online survey or questionnaire or a telephone interview.
- If you have provided consent, RSM will also share your contact details with DCMS, to be contacted for future research.
2.Generate research findings:
- RSM will remove any personal data (identifiable information) from your responses. The research findings will be anonymised by RSM, to create statistical research findings for DCMS.
- The anonymised research findings will be used by DCMS to evaluate the success of our cyber security programmes.
Anonymised research findings may be made available to;
- Staff within DCMS; Anonymised findings from this survey will be shared internally at DCMS to build evidence base and inform future work and will also be published in-line with Government Social Research guidance.
- Other Government Departments, partner organisations or researchers for statistical research purposes.
- The public; DCMS will also publish aggregated results from this survey. You or your business will not be identifiable in any published results.
Your personal data (including any contact information) will not be included in any research findings.
RSM will process your personal data in accordance with their Privacy Notice.
5. What is the legal basis for processing my data?
To process this personal data, our legal reason for collecting or processing this data is:
Article 6 (1) (a); Consent - you have freely given your consent – it will be clear to you what you are consenting to and how you can withdraw your consent.
You have the right to withdraw your consent, at any time, by contacting cybersecurity@dcms.gov.uk.
6. What will happen if I do not provide this data?
You may not be able to take part in the evaluation.
7. How long will my data be held for?
Your personal data will be securely removed from our systems by the end of 2023, once this research is complete.
8. Will my data be used for automated decision making or profiling?
We will not use your data for any automated decision making.
9. Will my data be transferred outside the UK and if it is how will it be protected?
We will not send your data beyond the European Economic Area.
10. Other privacy notices
The Department for Digital, Culture, Media & Sport’s personal information charter explains how we deal with your information. It also explains how you can ask to view, change or remove your information from our records.
For further information on how RSM processes your personal information, please view the RSM Privacy Notice.
11. What are your data protection rights?
You have rights over your personal data under the UK GDPR and the Data Protection Act 2018 (DPA 2018). The Information Commissioner’s Office (ICO) is the supervisory authority for data protection legislation, and maintains a full explanation of these rights on their website.
DCMS will uphold your rights when processing your personal data.
12. How do I complain?
The contact details for our Data Protection Officer (DPO) are:
Data Protection Officer
The Department for Digital, Culture, Media & Sport
100 Parliament Street
London
SW1A 2BQ
Email: dpo@dcms.gov.uk
If you’re unhappy with the way we have handled your personal data and want to make a complaint, please write to the department’s Data Protection Officer or the Data Protection Manager at the relevant agency. You can contact the department’s Data Protection Officer using the details above.
13. How to contact the Information Commissioner’s Office
If you believe that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. You may also contact them to seek independent advice about data protection, privacy and data sharing.
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
14. Changes to our privacy notice
We may make changes to this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.
This notice was last updated on 28/02/2023.