Respond to an NHS cyber alert (formerly CareCERT collect): GDPR information
Why and how we process your data within CareCERT collect, and your rights.
|How we use the information (processing activities)||Provision of cyber and data security services to the health and care system. Data collection of internet protocol (IP) data to carry out non-intrusive vulnerability scanning, user details to contact them about the output of IP scanning or other cyber matters, senior information risk owner (SIRO) details to provide a escalation point when required, and intelligence on alerts to focus our limited resources on sites needing our support during a cyber incident. Data collected also helps us determine the scope of a cyber incident when it occurs.|
|Does this contain sensitive (special category) data such as health information?||No|
|Who are recipients of this data?||
|Is data transferred outside the UK?||No|
|How long the data is kept||20 years after no longer required|
|Our lawful basis for holding this data||Public task|
|How can you withdraw your consent?||
Consent not the basis for processing
|Is the data subject to decisions made solely by computers? (automated decision making)||No|
|Where does this data come from?||Networking device|
|The legal basis for collecting this data||
Public task and Health and Social Care Act (2012) – Schedule 18, part 10 (1)
Where NHS Digital uses this data
We support health and care organisations to manage cyber security risk. This enables the safe and secure use of data and technology to deliver improved patient care.