Skip to main content
Government Digital and Data Profession Capability Framework

Complete our 3 minute feedback survey to help us improve the framework.

Privacy notice

Last update: 22 January 2026

The Government Digital Service (GDS) manages the Government Digital and Data Profession Capability Framework (previously known as the ‘DDaT Capability Profession Framework’).

GDS is part of the Department of Science Innovation and Technology (DSIT), which is the data controller. A data controller determines how and why personal data can be processed. Read the Department for Science, Innovation and Technology entry in the Data Protection Public Register for more information.

This privacy notice gives you general information on how we handle data in the Capability Framework team from:

  • change request submissions
  • votes on proposals to the Capability Framework Design Council
  • feedback submissions

For more details about the team, contact digitaldatacapabilityframework@dsit.gov.uk

Why we need your data

When submitting a change request

We need information about you when you submit a Capability Framework change request so that:

  • we can verify that you’re a member of government staff
  • we can follow up with any questions relating to your request

When submitting a vote on a proposal on behalf of your organisation

The data we ask for identifies the organisation you are submitting a vote on behalf of.

We do not ask you for any personal data when submitting your organisation’s vote.

When giving us feedback on the framework or related products

We do not ask you for any personal data when you give us feedback.

Our legal basis for using your data

We use your data because you have consented for us to do so when submitting a change request.

What data we collect from you

When submitting a change request

The personal data we collect from you when you submit a change request includes your:

  • name
  • job title
  • government department, agency or public body
  • email address

When submitting a vote on a proposal on behalf of your organisation

We do not ask for any of your personal data.

We ask you for:

  • a code that identifies your organisation
  • optional comments about the reasons for the vote

When giving us feedback on the framework or related products

We do not ask you for any personal data when you give us feedback.

What we do with your data

We may use the following third party tools and services to collect or analyse your data:

  • survey tools
  • online collaboration tools, including video conference and virtual whiteboard tools

If we do any of the above, we will monitor and limit the access that people outside the Capability Framework team have to your data. The privacy policies of these external organisations will also apply.

We will not:

  • sell or rent any of your data to third parties
  • share your data with third parties for marketing purposes

Where your data is processed and stored

Your personal data will be stored on our IT systems, which are provided by third party email, document management and storage service providers.

Your personal data may be transferred outside the United Kingdom while being processed. If this happens, it will be subject to equivalent legal protection through the use of adequacy decisions. If no relevant adequacy decision exists, standard contractual clauses will be used instead.

How long we keep your data

We will hold the change request data that you submit, including your personal data, for a maximum of 3 years. After this point, we will delete all personal data relating to you, but we might retain reports that contain your anonymised request information.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you. For example, we protect your data using varying levels of encryption. All third parties that process personal data are also required to keep that data secure.

Your rights

You have the right to withdraw consent to the processing of your personal data.

You also have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that this copy be provided in a structured, commonly used and machine-readable format
  • that anything inaccurate in your personal data is corrected without delay
  • that your personal data is erased if there is no longer a justification for holding it
  • that the processing of your personal data is restricted in certain circumstances (for example, where accuracy is contested)

If you have any of these requests, please contact us using the details listed below.

Contact details

For more details about the Government Digital and Data Profession Capability Framework, contact digitaldatacapabilityframework@dsit.gov.uk.

The data controller for your personal data is the Department for Science, Innovation and Technology. The contact details for our Data Protection Officer are:

Data Protection Officer

Department for Science, Innovation and Technology

22-26 Whitehall

SW1A 2EG

Email: dataprotection@dsit.gov.uk

The Data Protection Officer provides independent advice and monitoring of the Department for Science, Innovation and Technology’s use of personal information.

You can also complain to the Information Commissioner, who is an independent regulator.

Information Commissioner's Office

Email: icocasework@ico.org.uk

Contact form

Telephone: 0303 123 1113

Textphone: 01625 545 860

Changes to this privacy notice

We may change this privacy notice. When we make changes, the ‘last updated’ date at the top of the page will also change.

Any changes to this notice will apply to you and your data immediately. If these changes affect how your personal data is processed, the Capability Framework team will take reasonable steps to make sure you know.