Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023.

Diabetic Retinopathy Eye Screening - GP2DRS: GDPR information


Why and how we process your data in the Diabetic Retinopathy Eye Screening system, and your rights.

Controller: NHS Digital, Public Health England (PHE)
How we use the information (processing activities)

To invite appropriate people to Diabetic Retinopathy eye screenings. Local services that use the system receive a monthly list of all patients eligible for screening at the practices in their area. This list contains up-to-date demographic details of the patients, so that invites are sent to the correct address. This notice only covers NHS Digital's collection and use of personal data.

Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?

Identifiable Patient Level information shared with Public Health England (PHE)

Is data transferred outside the UK? No
How long the data is kept: 2 months minimum
Our lawful basis for holding this data: Legal obligation
Your rights
  • Be informed: Yes
  • Get access to it: Yes
  • Rectify or change it: Yes
  • Erase or remove it: No
  • Restrict or stop processing it: Yes
  • Move, copy or transfer it: No
  • Object to it being processed or used: No
  • Know if a decision was made by a computer rather than a person: No
How can you withdraw your consent?

Yes - via the organisation to which consent was originally provided

Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? General Practice (GP) medical records
The legal basis for collecting this data

Legal obligation (Direction) and management of health and social care systems

Where NHS Digital uses this data