Fair processing notices

Data Protection Act 2018 Fair Processing Notices

These fair processing notices explain what information we collect about you, how we store this information, how long we retain it and with whom and for which legal purpose we may share it.

Fair Processing Notice for Service Users
Fair Processing Notice for Staff

The GDPR and Data Protection Act

This legislation will replace current data protection law, giving more rights to individuals and more obligations to organisations holding personal data.

The DPA 2018 sets standards which must be satisfied when obtaining, recording, using or disposing of personal data.

Personal Data must be:

  1. Processed fairly, lawfully and transparent. Data subjects must be fully informed of why your collecting their information, what you are going to do with it and who you may share it with.
  2. Processed only for specified purposes
  3. Adequate, relevant and not excessive in relation to the purpose for which it was processed
  4. Accurate and where necessary kept up to date.
  5. Kept for no longer than is necessary for the purpose it was processed.
  6. Processed in a manner that includes taking appropriate security measures as regards risks that arise from processing personal data.

Your Rights Under The General Data Protection Regulation:

  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision making and profiling.

 The leaflet below will explain your rights under GDPR. Please be mindful that not all rights apply within Health and Social Care. 

Click here

Data Protection Impact Assessments

Lawful Basis

Under the General Data Protection Regulation (GDPR), the Trust must have a valid lawful basis in order to process personal and special category data. This document details the Trust's approach and which of the six basis we use in specific circumstances.

Click here

National Data Opt Out

The Trust is one of many organisations working in the health and care system to improve care for patients and the public. The information collected about you when you are using NHS services can be provided to other approved organisations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatments and preventing illness.

All of these help to provide better health care for you, your family and future generations. Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.

You have a choice about whether you want your confidential patient information to be used in this way. You can find out more about the wider use of confidential personal information and to register your choice to opt out by visiting www.nhs.uk/your-nhs-data-matters

Information Sharing Agreements

Information Governance

You can contact the Information Governance team for more information:

Information Governance Team

Bath NHS House

Newbridge Hill



Or via awp.infogov@nhs.net

The Information Commissioner's Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation. 

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the ICO

Information Commissioner's Office
Wycliffe House
Water Lane
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
Email: casework@ico.org.uk 

Cookies on our website

Cookies are used to ensure you get the best browsing experience. No personally identifiable information is collected.
By using our site you agree to these cookies being used. For more information please see our Cookie Policy.