The Home Office is the data controller for all data processed within the EU Settlement Scheme, this includes where organisations are contracted to act on behalf of the Home Office as the Home Office. No other organisations have access to the personal information of applicants to the EU Settlement Scheme. The Home Office may however share information with other organisations, but only where the information needs to be shared and there is an appropriate legal basis for doing so. Further detail on this is set out in the Borders, Immigration and Citizenship System privacy information notice:
The Home Office takes its data security and data protection obligations ex-tremely seriously. There are processes in place in the Home Office for the capturing and mitigation of risks and vulnerabilities to ensure appropriate con-trol of our services. I can confirm this is the case for the EU Settlement Scheme
All Home Office systems including EU Exit applications undergo rigorous cyber assessments prior to launch. This includes an independent security testing to ensure they are resilient to external attack.
Our IT systems hosting platform include a number of mechanisms to detect and respond to malicious intrusions.
All data is encrypted both in transit and at rest. Our IT staff are security cleared and your data will only be accessed by those who have a valid business reason to access it. The Home Office regularly monitors the systems for abuse and misuse.
With this non-exhaustive list of measures, we protect the data of non-UK EU citizens who register under the Settlement Scheme.