Confidentiality and GDPR

This is an updated piece of legislation that sets new standards for protecting information.

GDPR stands for General Data Protection Regulation. This new legislation will strengthen the protection of data and provide harmonisation of data protection across the EU and the UK, enforcing far more severe monetary penalties for non-compliance (up to four per cent of turnover). GDPR also brings a new set of digital rights for all individuals.

Our commitment to your data privacy and confidentiality

Being honest and clear with patients and staff about how the trust uses personally identifiable information is an important part of the way we provide healthcare. Personal information is about you. We believe it is very important to protect your information in all that we do and use it in the way the law says we can. We take care to put in place controls to make sure your information is safe. We also do checks to make sure that our controls are working.

GDPR gives everyone in the UK more rights around controlling their personal information. It asks all organisations to be really clear with patients, customers, clients and staff about what we do with personal information.

Who is responsible for your data:

  • Data protection officer - Leanne McDougall, Head of Information Governance & Records Management 
  • Senior information risk owner - Sheila Stenson, Chief Finance and Resources Officer / Deputy Chief Executive 
  • Caldicott Guardian - Afifa Qazi, Chief Medical Officer

Privacy notice

A privacy notice is a statement that describes how an organisation collects, uses, retains and shares personal information. It will also tell you about the rights you have around your information. Our privacy notices can be viewed here.

UK GDPR Individual Rights

The GDPR provides the following rights for individuals:

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA18) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification of your personal data. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of the processing before your consent was withdrawn.

Personal information held for patients consists of your name, date of birth, marital status, National Health Service number, address, contact telephone numbers, medical condition, your next of kin and a contact number for them.

We have included further details about some of the rights listed in the legislation relevant to our patients.

For more information about the rights that are relevant to our patients, go to the individual rights page.

Freedom of Information

The Freedom of Information Act (FOIA 2000) gives members of the public the right to ask for information that is held by public sector organisations such as local councils and the NHS. Our publication scheme and contact details can be found on our FOI page.

National Data Opt-Out Policy

In line with the recommendations made by the National Data Guardian in her ‘Review of Data Security, Consent and Opt-outs’, the national data opt-out was introduced for the health and social care system on 25 May 2018. 

Click here to view the National Data Opt-Out Policy