Privacy notice
Last update: 22 January 2026
The Government Digital Service (GDS) manages the Government Digital and Data Profession Capability Framework (previously known as the ‘DDaT Capability Profession Framework’).
GDS is part of the Department of Science Innovation and Technology (DSIT), which is the data controller. A data controller determines how and why personal data can be processed. Read the Department for Science, Innovation and Technology entry in the Data Protection Public Register for more information.
This privacy notice gives you general information on how we handle data in the Capability Framework team from:
- change request submissions
- votes on proposals to the Capability Framework Design Council
- feedback submissions
For more details about the team, contact digitaldatacapabilityframework@dsit.gov.uk
Why we need your data
When submitting a change request
We need information about you when you submit a Capability Framework change request so that:
- we can verify that you’re a member of government staff
- we can follow up with any questions relating to your request
When submitting a vote on a proposal on behalf of your organisation
The data we ask for identifies the organisation you are submitting a vote on behalf of.
We do not ask you for any personal data when submitting your organisation’s vote.
When giving us feedback on the framework or related products
We do not ask you for any personal data when you give us feedback.
Our legal basis for using your data
We use your data because you have consented for us to do so when submitting a change request.
What data we collect from you
When submitting a change request
The personal data we collect from you when you submit a change request includes your:
- name
- job title
- government department, agency or public body
- email address
When submitting a vote on a proposal on behalf of your organisation
We do not ask for any of your personal data.
We ask you for:
- a code that identifies your organisation
- optional comments about the reasons for the vote
When giving us feedback on the framework or related products
We do not ask you for any personal data when you give us feedback.
What we do with your data
We may use the following third party tools and services to collect or analyse your data:
- survey tools
- online collaboration tools, including video conference and virtual whiteboard tools
If we do any of the above, we will monitor and limit the access that people outside the Capability Framework team have to your data. The privacy policies of these external organisations will also apply.
We will not:
- sell or rent any of your data to third parties
- share your data with third parties for marketing purposes
Where your data is processed and stored
Your personal data will be stored on our IT systems, which are provided by third party email, document management and storage service providers.
Your personal data may be transferred outside the United Kingdom while being processed. If this happens, it will be subject to equivalent legal protection through the use of adequacy decisions. If no relevant adequacy decision exists, standard contractual clauses will be used instead.
How long we keep your data
We will hold the change request data that you submit, including your personal data, for a maximum of 3 years. After this point, we will delete all personal data relating to you, but we might retain reports that contain your anonymised request information.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you. For example, we protect your data using varying levels of encryption. All third parties that process personal data are also required to keep that data secure.
Your rights
You have the right to withdraw consent to the processing of your personal data.
You also have the right to request:
- information about how your personal data is processed
- a copy of that personal data
- that this copy be provided in a structured, commonly used and machine-readable format
- that anything inaccurate in your personal data is corrected without delay
- that your personal data is erased if there is no longer a justification for holding it
- that the processing of your personal data is restricted in certain circumstances (for example, where accuracy is contested)
If you have any of these requests, please contact us using the details listed below.
Contact details
For more details about the Government Digital and Data Profession Capability Framework, contact digitaldatacapabilityframework@dsit.gov.uk.
The data controller for your personal data is the Department for Science, Innovation and Technology. The contact details for our Data Protection Officer are:
Data Protection Officer
Department for Science, Innovation and Technology
22-26 Whitehall
SW1A 2EG
Email: dataprotection@dsit.gov.uk
The Data Protection Officer provides independent advice and monitoring of the Department for Science, Innovation and Technology’s use of personal information.
You can also complain to the Information Commissioner, who is an independent regulator.
Information Commissioner's Office
Email: icocasework@ico.org.uk
Telephone: 0303 123 1113
Textphone: 01625 545 860
Changes to this privacy notice
We may change this privacy notice. When we make changes, the ‘last updated’ date at the top of the page will also change.
Any changes to this notice will apply to you and your data immediately. If these changes affect how your personal data is processed, the Capability Framework team will take reasonable steps to make sure you know.