GDPR - your data
How we manage your data
The data protection law changed in May 2018. A new law, called the General Data Protection Regulation (GDPR), came into force to protect your data. As an organisation that holds data about you, Nottingham University Hospitals NHS Trust (NUH) ensures that we fully comply with the new law.
The information on this page is a summary which explains why we collect data about you and how it is used. It also explains how we store your data.
You have various legal rights in relation to your data, including a right to have your data processed fairly and lawfully and a right of access to any identifiable data that we hold about you.
You have the right to privacy and to expect NUH to keep your data confidential and secure.
You can find out more about your rights online.
You can also download the Your Rights information leaflet:
You also have a right to request that your confidential data is not used beyond your own care and treatment and to have your objections considered.
The national Data Opt-out is a service that allows patients to choose whether their confidential data is used for clinical research and NHS planning purposes. Find out more about the opt-out on the NHS Digital website pages.
NUH will be able to apply your national data opt-out choice where there is a requirement to share confidential patient information with other organisations for purposes beyond your individual care.
Our commitment to you
We make the following commitments about the data we keep about you and the way that we protect it. We will:
- Keep information about you so that we can give you treatment and care, and to make sure we fulfil our legal responsibilities to you
- Keep your health records safe, secure and up to date
- Only keep your information as long as necessary
- Collect, store and use the information you provide to the data protection standards and the laws that govern data protection
- Comply with the General Data Protection Regulation (GDPR), which requires that the way we manage your personal data is fair, lawful and transparent.
Why we need your data
If we don’t have up-to-date and accurate information about you, it may affect the quality of treatment and care that we are able to provide to you.
We hold information about you in order to be able to:
- Provide the treatment and care that you need
- Confirm who you are when we contact you, or when you contact us
- Make decisions about your future treatment and care
- Make sure your care is safe and effective
- Check the quality of your care
- Help investigate concerns or complaints that you or your family may have.
We may also ask you to volunteer to take part in clinical research and, if you do want to take part, we will ask for your agreement to use your data for this research.
We may also use your data, or part of it, for other reasons, in order to:
- Receive funding and keep track of spending
- Teach and train our staff
- Develop and improve care for patients in the future through research
- Manage and plan our services
Taking care of your data
We hold your data securely, whether it is on paper or in electronic form.
There are strict safeguards in place to protect your data and how it is used.
We only keep your information for the time that we need it; the law says that we must keep health records for a minimum of 8 years after the last treatment, or after a person has died. Some records, for example for children, are kept for much longer.
Sharing your data
We do not share your personal data with commercial companies or third parties.
We do share your data with:
- NHS organisations who also provide your treatment and care – for example another hospital
- Health and care professionals who provide care to you outside of hospital – for example GPs or midwives
- NHS services which work as a network, caring for patients from a wider geographic area – for example Emrad (radiology)
We will tell you if we need to share your data with other public services who may be providing support or part of the treatment and care you need. This may include:
- Social Care services
- Education services
- Other local authority departments and services
- Voluntary and private sector providers working under contract to the NHS
In some cases, the law requires us to share personal data – for example, if the information is needed for a court case or an investigation by a Coroner.
Where we do share your data, there are legal agreements in place to safeguard your information.
If you want to know more
If you have any concerns about how we keep and manage your personal information, please discuss this with a member of the team providing your care at NUH.
Download our GDPR Patient information leaflet below