Skip Navigation

General Data Protection Regulation (GDPR) guidance

This guidance from the national GDPR working group and IGA will help the NHS, social care and partner organisations prepare for EU General Data Protection Regulation (GDPR), when it begins in May 2018.

This policy and guidance is being developed by the national GDPR working group, chaired by NHS England, for publication by the Information Governance Alliance (IGA).Those with senior responsibility for Information Governance can use the guidance to learn how to comply with the GDPR. This includes Caldicott Guardians, operational IG leads and managers, plus all employees.

The guidance will help organisations to make the changes needed due to the EU General Data Protection Regulation, which will happen regardless of Brexit.

While the IGA will cascade this information it is not able to answer specific enquiries relating to the Regulations. Please contact the Information Commissioner's Office (ICO) with enquiries.

Further information


When guidance is being published

Guidance is due to be published in blocks, starting in June 2017 after the general election. These are the planned subject matters:

  1. Changes to Data Protection legislation: why this matters to you (CEO briefing on GDPR and Accountability for Data Protection)
  2. Data protection accountability and governance
  3. Privacy by design and default
  4. Implications of the GDPR for Health and Social Care Research
  5. Health and Social Care Research: legal basis and safeguards
  6. Transparency, consent and subjects rights
  7. Consent
  8. Pseudonymisation
  9. Personal data breaches and notification
  10. Profiling and risk stratification
  11. GDPR overview
  12. What's new and what changes

The IGA will provide more information about how health and care organisations are affected and what you can do as it becomes available.

Watch this GDPR webinar

Please watch a GDPR webinar that was presented from Leeds in February 2017.

For more general information about preparing for GDPR please contact the Information Commissioner's Office.

We use cookies to provide you with a better service. Carry on browsing if you're happy with this, or find out how to manage cookies. Find out more