Diabetes Prevention Programme (DPP): GDPR information

Summary

Why and how we process your data in the Diabetes Prevention Programme (DPP) system, and your rights.

Controller	NHS Digital
How we use the information (processing activities)	Provision of the National Diabetes Audit (NDA) for individuals with diabetes to improve their care.
Does this contain sensitive (special category) data such as health information?	Yes
Who are recipients of this data?	None
Is data transferred outside the UK?	No
How long the data is kept	8 years minimum after no longer required
Our lawful basis for holding this data	Legal obligation
Your rights	Be informed Get access to it Rectify or change it Erase or remove it Restrict or stop processing it Move, copy or transfer it Object to it being processed or used Know if a decision was made by a computer rather than a person
How can you withdraw your consent?	Consent not the basis for processing
Is the data subject to decisions made solely by computers? (automated decision making)	No
Where does this data come from?	General Practice (GP) medical records
The legal basis for collecting this data	Legal obligation (Direction) and management of health and social care systems

Where NHS Digital uses this data

internal

National Diabetes Audit and Diabetes Prevention Programme (NDA-DPP) pilot study

This pilot looked at how GP practices record information on non-diabetic hyperglycaemia, (pre-diabetes), to identify the best way to add this data to the National Diabetes Audit dataset.