We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
This policy and guidance is being developed by the national GDPR working group, chaired by NHS England, for publication by the Information Governance Alliance (IGA).Those with senior responsibility for Information Governance can use the guidance to learn how to comply with the GDPR. This includes Caldicott Guardians, operational IG leads and managers, plus all employees.
The guidance will help organisations to make the changes needed due to the EU General Data Protection Regulation, which will happen even though the UK is not an EU member state.
If you have any specific queries, please contact us and we will try and answer these as best possible. However, where it is not possible or the query best sits with another team or organisation we will let you know. We also recommend you contact the Information Commissioner's Office (ICO) with enquiries.
- The ICO has produced a range of resources on its data protection reform website. GDPR guidance will continue to be published on this site.
Contact the Information Commissioner's Office (ICO) if you have an enquiry on GDPR.
When guidance is being published
The IGA is working hard with other partners to try and ensure material is published as quickly as possible. However, we do acknowledge the need to consider both the forthcoming Article 29 working party guidance and that by the ICO in reviewing and drafting our advice pieces. We will also review, where appropriate, published advice once the Data Protection Bill is approved as it may change the advice provided.
The list below gives an idea of the expected timeframe for publication. Please note this may change and details will be updated here.
- Changes to data protection legislation: why this matters to you (CEO briefing on GDPR and accountability for data protection)
- Frequently asked questions (updated regularly)
- GDPR: what's new
- GDPR: implementation checklist
- GDPR: guidance on the Data Protection Officer
- GDPR: guidance on accountability and organisational priorities
- GDPR: guidance on consent
- GDPR: guidance on lawful processing
- GDPR: General Practitioner advice note
- Privacy by design and default
- Personal data breaches and notification
- Profiling and risk stratification
- GDPR overview
- Primary care suite: optometry, pharmaceutical and dental
- Transparency and subjects' rights
- Social care awareness guidance
The IGA will continue to provide more information about how health and care organisations are affected and what you can do as it becomes available.
Watch this GDPR webinar
Please watch a GDPR webinar that was presented from Leeds in February 2017.
For more general information about preparing for GDPR please contact the Information Commissioner's Office.