Your rights under the General Data Protection Legislation

A new General Data Protection Regulation came into effect in the UK on the 25th May 2018.  It was brought into UK law alongside a new Data Protection Act.

Your rights
You have the right to know what personal data we hold and how it is used.
You have the right to raise concerns about what personal data is held and how it is used.
You have the right to request access to your personal data and in some cases to change what is recorded.

How your information is used

Much of the information we hold will have been provided by you, but some may come from other sources, such as your manager, your GP or other treatment/care providers.

Nottingham University Hospital's Occupational Health Service will process the information about you for the purposes of preventative and Occupational Health. This includes the following types of information:

Your contact details

Your employment details

Health questionnaires

Your vaccination and immunisation records

Management Referral forms

Correspondence and reports from your GP or other treatment/care providers

Other than below, we will only disclose information about you to third parties without your consent if we are legally obliged to do so.

We may transfer information about you to other NHS organisations for purposes connected with your employment.

Your personal data will be stored, retained and disposed of in accordance with the minimum timescales set out within the Disposal Schedule for all NHS records, which is detailed in the DH publication Records Management: NHS Code of Practice (2006). Ordinarily, your occupational health records will be stored for 6 years after leaving your current employment or until your 75th birthday, whichever is sooner. There are circumstances where your records will be stored for longer.

As part of our SEQOHS accreditation, it is a requirement to participate in local clinical and peer review audits to ensure we are aligned with the necessary standards.  We have a legal duty to ensure that all personal identifiable information is removed prior to use in any audit report and complies with General Data Protection Regulation (GDPR) 2018.

If you have any questions about how we process your information, in the first instance please contact our Head of Service, Jo Worrell, Assistant HR Director, Nottingham University Hospitals NHS Trust, City Hospital Campus, Hucknall Road, Nottingham, NG1 5PB.

Nottingham University Hospital's Data Protection Administration

Post:      Data Protection Officer, Rory King.

Data Protection Administration Office, Nottingham University Hospitals, Queen’s Medical Centre, Derby Road, Nottingham, NG7 2UH

Tel:          0115 9249924 ext 63975

If after exhausting our internal processes you believe that we have not complied with the data protection legislation you may wish to seek advice from the Information Commissioner.

Post:        Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Fax:          01625 524 510 

Tel:           01625 545 700