National Fraud Initiative

Fair Processing Notice

This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

Privacy Notice

This notice relates to the New College Lanarkshire (the College) sharing data with Audit Scotland as part of the National Fraud Initiative.

The College is required by law to protect the public funds it administers and is required to participate in the Audit Scotland National Fraud Initiative. It may share information provided to it with other bodies responsible for auditing or administering public funds, to prevent or detect fraud.

On behalf of the Auditor General for Scotland, Audit Scotland appoints the auditor to audit the accounts of the College. It is also responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body. Computerised data matching allows potentially fraudulent claims and payments to be identified but the inclusion of personal data within a data matching exercise does not mean any specific individual is under suspicion. Where a match is found it indicates that there may be an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. The exercise can also help bodies to ensure that their records are up to date.

Audit Scotland requires the College to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to Audit Scotland for matching for each exercise, and these are set out in Audit Scotland instructions, which can be found at;

The use of data by Audit Scotland in a data matching exercise is carried out with statutory authority, normally under its powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the General Data Protection Regulation. Data matching by Audit Scotland is subject to a Code of Practice. This may also be found at;

For further information on Audit Scotland’s legal powers and the reasons why it matches particular information, please refer to the privacy notice at


Our legal basis for sharing

As a data controller we must establish the legal basis for processing any personal data.

Personal data: Processing is necessary for the performance of a task in the public interest. The legal basis is Article 6, (1), (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Special category data: Processing is necessary for reasons of substantial public interest and is authorised by domestic law proportionate to the aim pursued. The legal basis for processing your special category and criminal convictions data is Article 9 (2) (g) substantial public interest, and sections 6, 10, 11, and 12 of schedule 1 to the Data Protection Act 2018.

Your Rights

As a ‘Data Subject’ you have a number of rights under data protection law. These are explained here

If you believe that the College has not complied with your data protection rights, or you have any concerns please contact our Data Protection Officer, Lorna Miller You can also complain directly to the Information Commissioner’s Office at their website contains details of how to contact them. However, we request that you give us the opportunity to investigate any concerns in the first instance.