Skip to main content

National Diabetes Audit (NDA) Core: GDPR information


Why and how we process your data in the National Diabetes Audit (NDA) Core system, and your rights.

Controller NHS Digital
How we use the information (processing activities) Provision of the National Diabetes Audit to check individuals with diabetes are receiving annual care checks, their treatment targets and potentially identify those at high risk of developing diabetes.
Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?


Is data transferred outside the UK? No
How long the data is kept 8 years minimum after no longer required
Our lawful basis for holding this data Legal obligation
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Cross Object to it being processed or used
  • Cross Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent not the basis for processing

Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? General Practice (GP) medical records
The legal basis for collecting this data

Legal obligation (Direction) and management of health and social care systems

Where NHS Digital uses this data


National Diabetes Audit

The National Diabetes Audit is one of the largest annual clinical audits in the world. It measures the effectiveness of diabetes healthcare against NICE Clinical Guidelines and NICE Quality Standards in England and Wales for both primary and secondary care.