NHS Business Services Authority (NHSBSA) Medicines Data: GDPR information
|Controller||NHS Digital (in relation to processing the personal data) and the Department of Health and Social Care (DHSC) (in relation to determining the purpose for processing the data through the issuing of a direction to NHS Digital)|
|How we use the information (processing activities)||
NHS Digital collects, publishes and distributes medicines data received from the NHS Business Services Authority (NHSBSA) each month to improve patient safety, help plan and improve NHS services and for research via NHS Digital's Data Access Request Service (DARS). NHS Digital will be collecting this data from July 2020. Medicines data was previously collected by NHSBSA since April 2015 and this historical data will also be transferred to NHS Digital.
|Does this contain sensitive (special category) data such as health information?||Yes|
|Who are recipients of this data?||
Data recipients are recorded in the Register of approved Data Releases. Information is also shared with NHS Business Services Authority to support medicines safety.
|Is data transferred outside the UK?||Not for the purpose of processing it by NHS Digital. It may be transferred outside of the UK if this was approved by NHS Digital through the DARS process for any particular dissemination.|
|How long the data is kept||Data retention will be reviewed after 8 years (on 1 April for any data received in the previous 12 months)|
|Our lawful basis for holding this data||Legal obligation|
|How can you withdraw your consent?||
Consent not the basis for processing.
|Is the data subject to decisions made solely by computers? (automated decision making)||No|
|Where does this data come from?||NHS Business Services Authority (NHSBSA)|
|The legal basis for collecting this data||
Article 6 (1) (c) - Legal Obligation (Direction),
Schedule 1, Part 1 - Health or social care purpose