We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
General Practice Data for Planning and Research - DARS access/dissemination: GDPR information
Who we share General Practice Data for Planning and Research (GPDPR) data with and your rights.
|How we use the information (processing activities)||
Patient data from GP medical records kept by GP practices in England is used every day to improve health, care and services through planning and research, helping to find better treatments and improve patient care. The NHS is introducing an improved way to share this information - called the General Practice Data for Planning and Research data collection. NHS Digital will collect, analyse, publish and share this patient data to improve health and care services for everyone. This includes: (1) informing and developing health and social care policy (2) planning and commissioning health and care services (3) taking steps to protect public health (including managing and monitoring the coronavirus pandemic) (4) in exceptional circumstances, providing you with individual care (5) enabling healthcare and scientific research - Any data that NHS Digital collects will only be used for health and care purposes. It is never shared with marketing or insurance companies.
|Does this contain sensitive (special category) data such as health information?||Yes|
|Who are recipients of this data?||
There are a number of organisations who are likely to need access to different elements of patient data from the General Practice Data for Planning and Research collection. These include but may not be limited to:
All requests to access patient data from this collection, other than anonymous aggregate statistical data, will be assessed by NHS Digital’s Data Access Request Service, to make sure that organisations have a legal basis to use the data and that it will be used safely, securely and appropriately.
|Is data transferred outside the UK?||NHS Digital only stores and processes patient data for this data collection within the United Kingdom (UK). Fully anonymous data (that does not allow you to be directly or indirectly identified), for example statistical data that is published, may be stored and processed outside of the UK. Some of our processors may process patient data outside of the UK. If they do, we will always ensure that the transfer outside of the UK complies with data protection laws.|
|How long the data is kept||We will keep your patient data for as long as is necessary for the purposes outlined above in accordance with the Records Management Code of Practice for Health and Social Care 2016 and NHS Digital's Records Management Policy. Other organisations with whom we share your personal data must only keep it for as long as is necessary and as set out in the Data Sharing Agreement with that organisation. Information about this will be provided in their privacy notices on their websites.|
|Our lawful basis for holding this data||Legal obligation|
|How can you withdraw your consent?||
Consent is the not the basis for processing.
|Is the data subject to decisions made solely by computers? (automated decision making)||No|
|Where does this data come from?||GP practices in England|
|The legal basis for collecting this data||
Our legal basis for collecting and analysing this patient data is Article 6(1)(c) legal obligation, as we require the data to comply with the General Practice Data for Planning and Research Directions 2021.
Our legal basis for collecting and analysing patient data relating to health is Article 9(2)(g) – substantial public interest, for the purposes of NHS Digital exercising its statutory functions under the General Practice Data for Planning and Research Directions. It is substantially in the public interest to process patient data for planning and research purposes to improve health and care services for everyone. This is permitted under paragraph 6 of Schedule 1 of the Data Protection Act 2018 (DPA).
Read more about our legal basis for sharing this data