GDPR
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) came into force on 25 May, 2018 and replaced the Data Protection Act 1998.
The GDPR is designed to strengthen and unify individuals' data protection.
An overview of GDPR can be found here.
Who is responsible for data protection at the Trust?
The data protection officer is Amy Witham. You can contact Amy at amy.witham@esneft.nhs.uk.
How long do we keep information?
Information is retained in line with the NHS Records Management Code of Practice which you can read about on the NHS Digital website.
What are my rights under GDPR?
Information regarding your rights can be found on the information commissioners office website
How do you withdraw your consent to us to share information with other organisations?
Please contact the information governance team on 01284 713454. If you're on the hospital site and receiving care, you can also speak to the outpatients or emergency department reception, talk to your clinicians, or ask to speak to someone from the Patient Advice and Liaison Service (PALS) team.
Your rights under GDPR
The right to be informed
You have the right to be informed about the collection and use of your personal information
We must provide you with information including: our purposes for processing your personal information, our retention periods for that personal information, and who it will be shared with. We call this ‘privacy information’.
The right to request access
You have the right to obtain:
- Confirmation that your data is being processed
- Access to your personal data
- Other information
- Evidence that we treat your information within the rules of the law.
The right to request rectification
You have the right to ask that any information you believe is inaccurate to be corrected or completed if it is incomplete.
The right to request erasure
You have the right to ask that we delete any information we hold about you. This is also known as the right to be forgotten.
The right to restrict processing
This means that you can limit the way we share your information. This is an alternative to requesting the erasure of your information.
This means that we can hold your information but we cannot use it or share it with external organisations.
The right to data portability
This allows you to ask for and reuse your personal information for your own purposes for different services
It allows you to move, copy or transfer personal information easily from one IT environment to another in a safe and secure way, without any effect on your ability to use it.
The right to object
- To us using your information for reasons other than to provide you with care
- To your information being used for direct marketing (including profiling)
- To your information being used for purposes of scientific or historical research and statistics.