Confidentiality and GDPR

This is an updated piece of legislation that sets new standards for protecting information.

GDPR stands for General Data Protection Regulation. This new legislation will strengthen the protection of data and provide harmonisation of data protection across the EU and the UK, enforcing far more severe monetary penalties for non-compliance (up to four per cent of turnover). GDPR also brings a new set of digital rights for all individuals.

Our commitment to your data privacy and confidentiality

Being honest and clear with patients and staff about how the trust uses personally identifiable information is an important part of the way we provide healthcare. Personal information is about you. We believe it is very important to protect your information in all that we do and use it in the way the law says we can. We take care to put in place controls to make sure your information is safe. We also do checks to make sure that our controls are working.

GDPR gives everyone in the UK more rights around controlling their personal information. It asks all organisations to be really clear with patients, customers, clients and staff about what we do with personal information.

Who is responsible for your data:

  • Data protection officer - Leanne McDougall, Head of Information Governance & Records Management 
  • Senior information risk owner - Sheila Stenson, Chief Finance and Resources Officer / Deputy Chief Executive 
  • Caldicott Guardian - Afifa Qazi, Chief Medical Officer

Privacy notice

A privacy notice is a statement that describes how an organisation collects, uses, retains and shares personal information. It will also tell you about the rights you have around your information. Our privacy notices can be viewed here.

Access to healthcare records

GDPR and the Data Protection Act 2018 give every living person or their authorised representative the right to apply for access to their healthcare record. For further information and an application form, please see our access to healthcare records page.

Freedom of Information

The Freedom of Information Act (FOIA 2000) gives members of the public the right to ask for information that is held by public sector organisations such as local councils and the NHS. Our publication scheme and contact details can be found on our FOI page.

National Data Opt-Out Policy

In line with the recommendations made by the National Data Guardian in her ‘Review of Data Security, Consent and Opt-outs’, the national data opt-out was introduced for the health and social care system on 25 May 2018. 

Click here to view the National Data Opt-Out Policy

Right to Rectification

Under Article 16 of the UK GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.

This right has close links to the accuracy principle of the UK GDPR (Article 5(1)(d)). However, although you may have already taken steps to ensure that the personal data was accurate when you obtained it, this right imposes a specific obligation to reconsider the accuracy upon request.

The UK GDPR does not give a definition of the term accuracy. However, the Data Protection Act 2018 (DPA 2018) states that personal data is inaccurate if it is incorrect or misleading as to any matter of fact.