Skip to main content

Individual General Practice (GP) level data: GDPR information

Summary

Why and how we process your data within Individual General Practice (GP) level data, and your rights.

Controller NHS Digital
How we use the information (processing activities) Creation of General Practice reports containing quality of care and outcome data for their patients.
Does this contain sensitive (special category) data such as health information? No
Who are recipients of this data?

Aggregated data shared with appropriate General Practice and General Practitioners

Is data transferred outside the UK? No
How long the data is kept 1 year minimum after no longer required
Our lawful basis for holding this data Legal obligation
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Cross Object to it being processed or used
  • Cross Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent not the basis for processing - Type 1 objections applied

Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? General Practice (GP) medical records
The legal basis for collecting this data

Legal obligation (Direction)

Where NHS Digital uses this data

internal

Individual GP level data

The Government's mandate to NHS England includes a task of working with NHS Digital and The Department of Health (DH) to provide General Practitioners (GPs) and general practices with information on the care provision for their patients.