We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
GP Connect: GDPR information
Summary
Why and how we process your data in the General Practice (GP) Connect Service, and your rights.
| Controller | NHS Digital |
| How we use the information (processing activities) | General Practice (GP) Connect is a direct care service that allows authorised health and care professionals to access patient information held by a General Practice. GP Connect uses the Spine Security Proxy (SSP) to record data relating to each access request including NHS Numbers as well as system identification details. This data is used to manage the health or care system and service. |
| Does this contain sensitive (special category) data such as health information? | No |
| Is data transferred outside the UK? | This data is not transferred out of the UK |
| How long the data is kept | 2 years minimum after creation of audit record |
| Our lawful basis for holding this data | Legal obligation |
| Your rights |
|
| How can you withdraw your consent? |
Consent is not the basis for processing. |
| Is the data subject to decisions made solely by computers? (automated decision making) | No |
| Where does this data come from? | Health and social care systems used to request or respond to access requests |
| The legal basis for collecting this data | Legal Obligation (Direction), Management of health or social care systems and services |
