Skip to content
Glasgow City Council

Privacy Notice - Internal Audit

This document is in addition to Glasgow City Council's Privacy Statement which can be found at and this document is specific to the Internal Audit Team. 

Why do we need your personal information and what do we do with it?

Glasgow City Council has an obligation under Section 95 of the Local Government (Scotland) Act 1973 to protect public funds. To this end the Internal Audit Team can make enquiries with both internal and external agencies in order to establish the correct entitlement to the services the Council provides and to any financial awards that may be granted. This can include;

  1. Licencing
  2. Internal enquiries
  3. Law enforcement
  4. Grants and benefits
  5. Civil enquiries
  6. Financial transactions both to and from the Council

The information that is gathered can be examined for the following reasons;

  1. The prevention and detection of crime.
  2. The apprehension or prosecution of offenders
  3. The assessment or collection of a tax or duty or an imposition of a similar nature.
  4. To check the current information held is accurate.  

Legal basis for using your information

The legal basis for processing your personal information include the following:

  1. The Public Finance and Accountability (Scotland) Act 2000 that enables disclosure of data to Audit Scotland for data matching purposes.
  2. The Local Government (Scotland) Act 1973.The Public Interest Disclosure Act 1998
  3. The Bribery Act 2010.

We process your personal information because it is necessary for us to use your personal information for the performance of a task carried out in the public interest by the council.  In the case of counter fraud activity, we also need to process more sensitive personal information about you for reasons of substantial public interest as set out in the Data Protection Act 2018. It is necessary for us to process this more sensitive information for a number of reasons including:

  • to carry out key functions as set out in law;
  • in order to meet our legal obligations in relation to employment, social security and social protection law;
  • in order to protect your vital interests or the vital interests of others in circumstances where we will not be able to seek your consent; or

Who do we share your information with?

We both disclose information to, and receive information from, a range of external bodies in relation to counter-fraud activity.  External agencies can include:

  1. Police Scotland
  2. Crown Office and Procurator Fiscal Service
  3. Other Local Authorities
  4. Government bodies including HMRC and DWP
  5. The NHS
  6. Credit Reference agencies
  7. Service Providers
  8. Arms' Length organisations
  9. Regulatory bodies
  10. Telecommunications providers
  11. Material published on the internet

International transfers

Almost all council data is held within the UK.  It is highly unusual for any counter-fraud information to be transferred outside the UK, the main exception to this being that we may share information with the European Commission or European Court of Auditors in cases where there is suspected fraud involving EU funds.  Any overseas data transfers require additional internal approvals and we only send data overseas where we have been able to put in place measures to ensure that your personal information is as safe and respected in the overseas country or countries in question as it is in the UK.

How long do we keep your information for?

The Council will hold all information obtained in a secure environment and is only accessed by the appropriate people. Information is only held for the minimum time necessary or for the period set out in law. The Council maintains a Record Retention and Disposal Schedule and this can be accessed at

Profiling or automated decision-making processes

The National Fraud Initiative (NFI) makes some use of automated decision-making processes and profiling.  However no decisions in relation to individuals are made without a human scrutinising the results first and the process is not wholly automated.  For more details see .

Your rights under data protection law

Your sights are set out in the general privacy statement (see link above).  To exercise these rights, please contact the Council's Data Protection Officer.  The Data Protection Officer can be contacted on 0141 287 1055 or by e mail at if you have a complaint about how we handled your personal data.

You also have the right to lodge a complaint about data protection matters with the Information Commissioners Office who can be contacted as follows;

Phone - 01625 545 745

Letter - Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.   

Share this page:

A to Z:

Council Services