General Data Protection Regulation

General Data Protection Regulation 2016 (GDPR)

The General Data Protection Regulation 2016 (GDPR) came into force on 25 May 2018 and applys to Walsall Healthcare NHS Trust as Data Controller.  The legislation has replaced current data protection law, giving more rights to individuals and more obligations to organisations processing personal data.

As Data Controller, we determine the purpose and manner of processing personal data for both employees and patients. Where we are responsible for processing personal data on behalf of another data controller we act as a Data Processor.

The Trust has robust processes and systems to support compliance with the new laws, which includes keeping you informed about how your data is used.

Why do we collect information about you?

The purpose of the NHS is to provide you with the highest quality of healthcare, and to help us achieve this we must keep records about your health, treatment and care we have provided or plan to provide.

These records are called your healthcare records and may be stored in paper format or electronically. They include:

  • personal details about you, such as name, date of birth, address, NHS number, next of kin, ethnicity, and next of kin
  • Details of your hospital appointments/visits
  • Notes and reports about your health, treatment and care
  • Results of x-rays, scans and tests
  • Relevant information from people who care for you such as healthcare professionals
  • information based on the professional opinion of the staff caring for you

It is extremely important that your personal details are accurate and we will often check with you at appointments or visits that these details are correct.

We collect this information to ensure we are providing you with the right care and, should you see another health professional or be referred to another part of the organisation, accurate and up to date information is shared to enable a continuation in the quality of care you receive.

Who do we collect information from?

Walsall Healthcare NHS Trust will collect data about you in a variety of ways.  The main source of collection is directly from you and this is likely to be done either face to face, during a telephone call, or via email. 

We may receive information from other organisations that are also required by law to share information about you with us.  An example of this could be the Trust receiving a referral for you from your GP, another Trust or any health or social care provider.

Our Trust and our staff may have access to specific clinical systems from other organisations such as the Summary Care Record, in order to access information about you that is relevant to your care.  All systems are auditable and access is on a strictly need to know basis.

How long do we keep your information?

We keep your information in accordance with the National Guidance.  All our records are destroyed in line with the NHS Retention Schedule, which sets out the appropriate length of time each NHS record is retained. 

Records are destroyed confidentially once they reach their retention.  We do not keep your records for longer than is necessary. 

For further information please see Record Management Code for Practice for Health and Social Care 2016, retention schedules

How do we use your personal information?

The Trust processes personal information about:

  • patients;
  • next of kin;
  • suppliers;
  • employees (including students, apprentices, potential employees and volunteers);
  • complainants, enquirers;
  • survey respondents;
  • professional experts and consultants;

Health professionals caring for you manage information about your health and the care you receive from the NHS. This information is recorded in a healthcare record which is held either manually or electronically.  It is important as it helps to ensure that you receive the best possible care from us. Your information is used in the following ways to guide and administer the care you receive:

  • To ensure that your health professional has accurate and up to date information to provide a good basis for any treatment or advisory services we provide to you.
  • To ensure that full and correct information is available to other healthcare providers from whom you may be receiving treatment.
  • To ensure your treatment is safe and effective, and the advice we provide is appropriate and relevant to you.
  • To ensure that there is a good basis for referring to and checking on the type and quality of treatment you have received in the past.
  • To ensure that your concerns can be properly investigated should you wish to raise a complaint.