We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Diabetes Prevention Programme (DPP): GDPR information
Summary
Why and how we process your data in the Diabetes Prevention Programme (DPP) system, and your rights.
| Controller | NHS Digital |
| How we use the information (processing activities) | Provision of the National Diabetes Audit (NDA) for individuals with diabetes to improve their care. |
| Does this contain sensitive (special category) data such as health information? | Yes |
| Who are recipients of this data? |
None |
| Is data transferred outside the UK? | No |
| How long the data is kept | 8 years minimum after no longer required |
| Our lawful basis for holding this data | Legal obligation |
| Your rights |
|
| How can you withdraw your consent? |
Consent not the basis for processing |
| Is the data subject to decisions made solely by computers? (automated decision making) | No |
| Where does this data come from? | General Practice (GP) medical records |
| The legal basis for collecting this data | Legal obligation (Direction) and management of health and social care systems |
Where NHS Digital uses this data
National Diabetes Audit and Diabetes Prevention Programme (NDA-DPP) pilot study
This pilot looked at how GP practices record information on non-diabetic hyperglycaemia, (pre-diabetes), to identify the best way to add this data to the National Diabetes Audit dataset.