We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
The GDPR came into effect in the UK on 25 May 2018. We are the guardians of health and care data in England, and have made sure we comply with GDPR. This means that your health and care data will carry on being handled securely and in line with the regulations.
Contact the Information Commissioner's Office (ICO) if you have an enquiry about complying with the GDPR in your own organisation.
Official guidance for health and care
The Information Commissioner's Office (ICO) has published guidance on the GDPR. A national GDPR working group and the Information Governance Alliance have created official guidance for the NHS, social care and partner organisations on how health and care organisations should prepare for these changes to data protection law. You should go to these organisations for guidance on what your organisation should do to prepare for GDPR.
Implementing GDPR within NHS Digital
We have built on our track record of data security and our compliance with the Data Protection Act 1998 (DPA) to remain compliant with changing data protection law. We established an internal working group to implement the GDPR before it came into effect. This group was supported by guidance issued by the ICO and the GDPR health working group. We outlined our strategic approach in our GDPR Strategy document and in our GDPR Prioritisation plan.
Impact on customers and stakeholders
Our systems and services have not changed and there has been no impact on our service delivery.
Impact on the public whose data we hold
Our duty to safeguard patient data has not changed and is our priority. The GDPR creates some new rights for individuals and also it strengthens some of the rights that currently exist under the DPA. We have worked to make sure that these rights are properly implemented, and any changes in the ways we collect, store or share your data are communicated through the website.
Finding out more about GDPR and the information we collect
We have developed a register of our collections that has been designed to tell you which of the the rights under GDPR apply to each collection, and what, in terms of the law, allows us to collect the information.
We are keen to be as transparent as possible. If you would like any further information on how we are responding to the changes introduced by the GDPR, please email email@example.com.