Personal data and what we hold about you
Your information is held by the trust so we can ensure we give you the correct care and treatment. Personal data means, any information relating to an identified or identifiable natural person (a living individual).
Please see below which may be of use to you.
- Directly or indirectly, in particular, by reference to an identifier such as a name
- An identification number
- Location data
- An online identifier e.g. including IP address and internet cookies
- One or more factors specific to the physical, physiological, genetic e.g. DNA, mental, economic, cultural or social identity of that natural person
Special categories of personal data is defined in the Data Protection Act as information about an identifiable individual’s:
- Racial and ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- The processing of genetic data
- Biometric data for uniquely identifying an individual
- Data concerning health
- Data concerning an individual’s sex life or sexual orientation.
Processing in relation to personal data means any operation or set of operations which are undertaken on personal data, whether by automated means or not:
- Collection, recording, organisation, structuring, storage
- Retrieval, consultation, use
- Adaptation or alteration
- Disclosure by transmission, dissemination or making available
- Alignment or combination
- Restriction, erasure or destruction.
Personal confidential data is personal information about identified or identifiable individuals which is also confidential. ‘Personal’ includes the Data Protection Act definition of personal data, but it also includes deceased as well as the living. ‘Confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’ (e.g. health records) and is adapted to include ‘special categories’ data as defined in the Data Protection Act.
Pseudonymised information means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific individual without the use of additional information, provided that information is kept separately.
Anonymised information is data that has been changed into a form which does not identify individuals and where there is little or no risk of identification.
Aggregated information is anonymised data that is grouped together so that it does not identify any individuals.
Retention schedules
The trust ensures that information is not kept for any longer than is necessary in line with the Data Protection Act 2018 – incorporating GDPR. The trust abides by the NHS Retention Schedules which can be found at NHSX Records Management Code of Practice 2020.