Data Protection and GDPR
Last Updated: Thursday, 27 November 2025The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
You can write to us to request a copy of the information we hold about you. Information regarding the information hold, along with details of our Data Protection Officer (DPO) can be found in our privacy notices below;
Patient Privacy Notice ( V2.0)
Privacy Notice Care Quality Commission
Privacy Notice For Direct Care
Privacy Notice For National Screening Programs
Privacy Notice For Summary Care Record