Diabetic Retinopathy Eye Screening - GP2DRS: GDPR information

Summary

Why and how we process your data in the Diabetic Retinopathy Eye Screening system, and your rights.

Controller	NHS Digital, Public Health England (PHE)
How we use the information (processing activities)	To invite appropriate people to Diabetic Retinopathy eye screenings. Local services that use the system receive a monthly list of all patients eligible for screening at the practices in their area. This list contains up to date demographic details of the patients, making sure invites are sent to the correct address. This notice only covers NHS Digital's collection and use of personal data.
Does this contain sensitive (special category) data such as health information?	Yes
Who are recipients of this data?	Identifiable Patient Level information shared with Public Health England (PHE)
Is data transferred outside the UK?	No
How long the data is kept	2 months minimum
Our lawful basis for holding this data	Legal obligation
Your rights	Be informed Get access to it Rectify or change it Erase or remove it Restrict or stop processing it Move, copy or transfer it Object to it being processed or used Know if a decision was made by a computer rather than a person
How can you withdraw your consent?	Yes - via the organisation original consent was provided to
Is the data subject to decisions made solely by computers? (automated decision making)	No
Where does this data come from?	General Practice (GP) medical records
The legal basis for collecting this data	Legal obligation (Direction) and management of health and social care systems

Where NHS Digital uses this data

internal

GP2DRS (Diabetic eye screening programme)

Screening is the process of identifying people who appear healthy, but who may be at increased risk of a disease or condition.