Sub menu


General Data Protection Regulation (GDPR) 

The General Data Protection Regulation (GDPR) came into force on 25 May, 2018 and replaced the Data Protection Act 1998. 

The GDPR is designed to strengthen and unify individuals' data protection.

An  overview of GDPR can be found here.

Who is responsible for data protection at the Trust? 

The data protection officer is Amy Witham. You can contact Amy at

How long do we keep information? 

Information is retained in line with the NHS Records Management Code of Practice which you can read about on the NHS Digital website.

What are my rights under GDPR? 

Information regarding your rights can be found on the information commissioners office website

How do you withdraw your consent to us to share information with other organisations? 

Please contact the information governance team on 01284 713454. If you're on the hospital site and receiving care, you can also speak to the outpatients or emergency department reception, talk to your clinicians, or ask to speak to someone from the Patient Advice and Liaison Service (PALS) team.


Your rights under GDPR

The right to be informed

You have the right to be informed about the collection and use of your personal information

We must provide you with information including: our purposes for processing your personal information, our retention periods for that personal information, and who it will be shared with. We call this ‘privacy information’.

The right to request access

You have the right to obtain:

  • Confirmation that your data is being processed
  • Access to your personal data
  • Other information
  • Evidence that we treat your information within the rules of the law.

The right to request rectification

You have the right to ask that any information you believe is inaccurate to be corrected or completed if it is incomplete.

The right to request erasure

You have the right to ask that we delete any information we hold about you. This is also known as the right to be forgotten.

The right to restrict processing

This means that you can limit the way we share your information. This is an alternative to requesting the erasure of your information.

This means that we can hold your information but we cannot use it or share it with external organisations.

The right to data portability

This allows you to ask for and reuse your personal information for your own purposes for different services

It allows you to move, copy or transfer personal information easily from one IT environment to another in a safe and secure way, without any effect on your ability to use it.

The right to object

  • To us using your information for reasons other than to provide you with care
  • To your information being used for direct marketing (including profiling)
  • To your information being used for purposes of scientific or historical research and statistics.