National Fraud Initiative


Southern Regional College is required by law to protect the public funds it administers. We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. We are required to participate in the National Fraud Initiative (NFI) data matching exercises to assist in the prevention and detection of fraud and are required to provide particular sets of data to the Comptroller and Auditor General (C&AG) for matching. Details are set out on the Northern Ireland Audit Office website

The C&AG audits the accounts of the College and is also responsible for carrying out data matching exercises under his powers in Articles 4A to 4G of the Audit and Accountability (Northern Ireland) Order 2003.

Legal basis

Under the GDPR (article 6(1)) and the Data Protection Act 2018 (section 8), the legal basis for processing personal data under the NFI is that it is necessary for the performance of a task carried out in the public interest or in exercise of the data controller’s official authority.

Southern Regional College share data for this exercise with the C&AG under legislative powers included in the Audit and Accountability (NI) Order 2003, articles 4A to 4H. The use of data by the C&AG in a data matching exercise is carried out with statutory authority. It does not require the consent of the individuals concerned under the Data Protection Act 2018.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. We are required to share information that you may provide when seeking payment of an invoice this is referred to as trade creditor standing and payment history data; or when seeking payment for employment this is known as payroll data.

The data shared is usually personal information. Computerised data matching allows fraudulent claims and payments to be identified. Where a match is found, it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

Retention of Data

Data retention under the NFI will be in accordance with a data deletion schedule to be published on the Cabinet Office’s NFI web page at

The College and our auditors may retain some data for a longer period, for the purposes of audit, continuing investigations or prosecutions. Data subjects should refer to the College privacy notice for further details on retention periods.

Code of Data Matching Practice

Data matching by the C&AG is subject to a Code of Data Matching Practice, available at

Concerns about non-compliance with the Code by the C&AG should be addressed to the Northern Ireland Audit Office before contacting the Information Commissioner.