NHS Business Services Authority (NHSBSA) Medicines Data: GDPR information
|Controller||NHS Digital (in relation to processing the personal data) and the Department of Health and Social Care (DHSC) (in relation to determining the purpose for processing the data through the issuing of a direction to NHS Digital)|
|How we use the information (processing activities)||NHS Digital collects, publishes and distributes medicines data received from the NHS Business Services Authority (NHSBSA) each month to improve patient safety, help plan and improve NHS services and for research via NHS Digital's Data Access Request Service (DARS).|
|Does this contain sensitive (special category) data such as health information?||Yes|
|Who are recipients of this data?||
Data recipients are recorded in the Register of approved Data Releases. Information is also shared with NHS Business Services Authority to support medicines safety.
|Is data transferred outside the UK?||This data is not transferred out of the UK|
|How long the data is kept||Data retention will be reviewed after 8 years (on 1 April for any data received in the previous 12 months)|
|Our lawful basis for holding this data||Legal obligation|
|How can you withdraw your consent?||
Consent not the basis for processing.
|Is the data subject to decisions made solely by computers? (automated decision making)||No|
|Where does this data come from?||NHS Business Services Authority (NHSBSA)|
|The legal basis for collecting this data||
Article 6 (1) (c) - Legal Obligation (Direction),
Schedule 1, Part 1 - Health or social care purpose