We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
General Data Protection Regulation (GDPR) - information
How we've ensured compliance with data protection law, to make sure health and care data is always collected, stored, analysed and shared securely and legally.
The GDPR came into effect in the UK on 25 May 2018. We are the guardians of health and care data in England, and have made sure we comply with GDPR. This means that your health and care data will carry on being handled securely and in line with the regulations.
We have built on our track record of data security and our compliance with the Data Protection Act 1998 (DPA) to remain compliant with changing data protection law. We established an internal working group to implement the GDPR before it came into effect. This group was supported by guidance issued by the ICO and the GDPR health working group. We outlined our strategic approach in our GDPR Strategy document and in our GDPR Prioritisation plan.
Impact on customers and stakeholders
Our systems and services have not changed and there has been no impact on our service delivery.
Impact on the public whose data we hold
Our duty to safeguard patient data has not changed and is our priority. The GDPR creates some new rights for individuals and also it strengthens some of the rights that currently exist under the DPA. We have worked to make sure that these rights are properly implemented, and any changes in the ways we collect, store or share your data are communicated through the website.
Finding out more about GDPR and the information we collect
We have developed a register of our collections that has been designed to tell you which of the the rights under GDPR apply to each collection, and what, in terms of the law, allows us to collect the information.