We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
NHS Health Check: GDPR information
Why and how we process your data in the NHS Health Check system, and your rights.
|Controller||NHS Digital, Public Health England (PHE)|
|How we use the information (processing activities)||NHS Digital collects data on individuals aged 40 - 74 from General Practices (GPs) concerning attendance for a health check after being invited and provides the data to Public Health England (PHE) for monitoring and improving the management of health care services. This notice only covers NHS Digital's collection and use of personal data.|
|Does this contain sensitive (special category) data such as health information?||Yes|
|Who are recipients of this data?||
Public Health England
|Is data transferred outside the UK?||No|
|How long the data is kept||20 years|
|Our lawful basis for holding this data||Legal obligation|
|How can you withdraw your consent?||
Consent not the basis for processing - Type 1 objections applied
|Is the data subject to decisions made solely by computers? (automated decision making)||No|
|Where does this data come from?||General Practice (GP) medical records|
|The legal basis for collecting this data||
Legal obligation (Direction) and management of health and social care systems
Where NHS Digital uses this data
NHS Digital, acting on behalf of Public Health England (PHE), will be collecting information about the numbers of people who are invited to an NHS Health Check and either attend or do not attend.