Skip to main content

Data Services for Commissioners Regional Offices (DSCRO) - Demand for service: GDPR information


Why and how we process your data within DSCRO - Demand for service, and your rights.

Controller NHS Digital
How we use the information (processing activities)

A Data Services for Commissioners Regional Office (DSCRO) work with data from GP practices and NHS hospital trusts in regional processing centres. Staff follow strict rules on accessing, analysing and processing data. The powers granted to the organisation by the Health and Social Care Act 2012 which means that staff are operating within an approved legal framework.

Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?

See the data release register for more details.

Is data transferred outside the UK? No
How long the data is kept 20 years maximum
Our lawful basis for holding this data Legal obligation
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Cross Object to it being processed or used
  • Cross Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent not the basis for processing

Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? NHS funded organisation providing health and care
The legal basis for collecting this data

Legal obligation (Direction) and management of health and social care systems

Where NHS Digital uses this data