Privacy Policy – GDPR

The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.

The Regulation applied from 25th May 2018, and will apply even after the UK leaves the EU.

Please see our GPDR Fair Processing Notice for information on how we manage and store your personal information.

COVID-19 Privacy Notice

General Practice Extraction Service (GPES) Covid-19 Planning and Research data

Purpose

Personal Confidential and Special Category data will be extracted at source from GP systems for the use of planning and research for the Covid-19 pandemic emergency period. Requests for data will be required from NHS Digital via their secure NHSX SPOC Covid-19 request process.

Legal Basis

NHS Digital has been directed by the Secretary of State under section 254 of the 2012 Act under the COVID-19 Direction to establish and operate a system for the collection

and analysis of the information specified for this service: GPES Data for Pandemic Planning and Research (COVID-19). A copy of the COVID-19 Direction is published here.

Patients who have expressed an opt-out preference via Type 1 objections with their GP surgery not to have their data extracted for anything other than their direct care will not be party to this data extraction.

Processor

NHS Digital