Skip Navigation

NHS Digital and the General Data Protection Regulation (GDPR)

What we're doing to prepare for the new data protection law, to make sure health and care data is always collected, stored, analysed and shared securely and legally.

The GDPR comes into effect in the UK on 25 May 2018. We are the guardians of health and care data in England, and are working to make sure that we will be prepared for the changes. This means that your health and care data will carry on being handled securely and in line with the regulations.

Official guidance for health and care

The Information Commissioner's Office (ICO) has published guidance on the GDPR. A national GDPR working group and the Information Governance Alliance are creating official guidance for the NHS, social care and partner organisations on how health and care organisations should prepare for these changes to data protection law. You should go to these organisations for guidance on what your organisation should do to prepare for GDPR.

Implementing GDPR within NHS Digital

We are confident that we will be able to implement the GDPR successfully, building on our track record of data security and our compliance with the Data Protection Act 1998 (DPA). We have established an internal working group to implement the GDPR before it comes into effect. This group will be supported by guidance issued by the ICO and the GDPR health working group.

Impact on customers and stakeholders

Our systems and services will not be changing and we expect any impact will be small.

Impact on the public whose data we hold

Our duty to safeguard patient data has not changed and is our priority. The GDPR creates some new rights for individuals and also it strengthens some of the rights that currently exist under the DPA. We will work to make sure that these rights are properly implemented, and any changes in the ways we collect, store or share your data are communicated through the website.

Contact us

We are keen to be as transparent as possible. If you would like any further information on how we are responding to the changes introduced by the GDPR, please email enquiries@nhsdigital.nhs.uk.

Have a question? Call us on 0300 303 5678 or contact enquiries@nhsdigital.nhs.uk.

Tell us what you think of the new website beta.

We use cookies to provide you with a better service. Carry on browsing if you're happy with this, or find out how to manage cookies. Find out more