NHS Digital and the General Data Protection Regulation (GDPR)
What we're doing to prepare for the new data protection law, to make sure health and care data is always collected, stored, analysed and shared securely and legally.
The GDPR comes into effect in the UK on 25 May 2018. We are the guardians of health and care data in England, and are working to make sure that we will be prepared for the changes. This means that your health and care data will carry on being handled securely and in line with the regulations.
Official guidance for health and care
The Information Commissioner's Office (ICO) has published guidance on the GDPR. A national GDPR working group and the Information Governance Alliance are creating official guidance for the NHS, social care and partner organisations on how health and care organisations should prepare for these changes to data protection law. You should go to these organisations for guidance on what your organisation should do to prepare for GDPR.
Implementing GDPR within NHS Digital
We are confident that we will be able to implement the GDPR successfully, building on our track record of data security and our compliance with the Data Protection Act 1998 (DPA). We have established an internal working group to implement the GDPR before it comes into effect. This group will be supported by guidance issued by the ICO and the GDPR health working group.
Impact on customers and stakeholders
Our systems and services will not be changing and we expect any impact will be small.
Impact on the public whose data we hold
Our duty to safeguard patient data has not changed and is our priority. The GDPR creates some new rights for individuals and also it strengthens some of the rights that currently exist under the DPA. We will work to make sure that these rights are properly implemented, and any changes in the ways we collect, store or share your data are communicated through the website.
We are keen to be as transparent as possible. If you would like any further information on how we are responding to the changes introduced by the GDPR, please email email@example.com.