Skip to main content
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. More about the merger.

NHS Health Check: GDPR information


Why and how we process your data in the NHS Health Check system, and your rights.

Controller NHS Digital, Public Health England (PHE)
How we use the information (processing activities)

NHS Digital collects data on individuals aged 40 - 74 from General Practices (GPs) concerning attendance for a health check after being invited and provides the data to Public Health England (PHE) for monitoring and improving the management of health care services. This notice only covers NHS Digital's collection and use of personal data.

Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?

Public Health England

Is data transferred outside the UK? No
How long the data is kept 20 years
Our lawful basis for holding this data Legal obligation
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Cross Object to it being processed or used
  • Cross Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent not the basis for processing - Type 1 objections applied

Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? General Practice (GP) medical records
The legal basis for collecting this data

Legal obligation (Direction) and management of health and social care systems

Where NHS Digital uses this data


NHS Health Checks

NHS Digital, acting on behalf of Public Health England (PHE), will be collecting information about the numbers of people who are invited to an NHS Health Check and either attend or do not attend.