​​​​​​​​​How we use your information​

Data Protection Act 2018 

The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018; the act supplemented the General Data Protection Regulation (GDPR) to incorporate it into the new UK Data Protection law (DPA 2018). 

We all need to be aware of the changes as the new DPA 2018 requires organisations who use personal data to demonstrate they are complying with data protection laws. It also involves higher levels of transparency and accountability regarding the way personal data is used.

The law allows personal data to be shared between those offering care directly to patients but it protects patients’ confidentiality when data about them are used for other purposes. These “secondary uses” of data are essential if we are to run a safe, efficient, and equitable health service. They include:
  • Reviewing and improving the quality of care provided
  • Researching what treatments work best
  • Commissioning clinical services
  • Planning public health services
Generally speaking, people within the healthcare system using data for secondary purposes must only use data that does not identify individual patients unless they have the consent of the patient themselves.

The CCG is compliant with the DPA 2018 and has a suite of privacy notices outlining how it uses your information.

Privacy Notices

Privacy notices detail:
  • why it holds personal identifiable information
  • purpose for processing
  • lawful basis for processing
  • who the information may be shared with
  • how individuals can access a copy of their information, get it corrected, make a complaint etc. 
  • includes details of Data Protection Officer
  • how long data will be retained for.
Privacy notices for Southwark CCG can be found at the bottom of this page.

Confidential information

Everyone working for or on behalf of the NHS has a legal duty to protect your confidential information in accordance with the NHS Constitution, Code of Practices, the Data Protection Act 2018 and the common law duty of confidentiality. 

Much of the information held about you may be confidential, such as records kept by health professionals you are seeing, services you use or treatment you receive. 

You have a right to privacy and confidentiality and it is important that these rights are respected.

Our partners in maintaining your health and wellbeing

Our partners include other NHS organisations such as NHS England, Public Health England (PHE), NHS Direct, NHS 111, hospitals, GPs and ambulance services, as well as local authorities (LAs) public health, social services, education and voluntary or private care provider services. We may need to share information about you so that we can work together for your benefit and wellbeing.

Other ways the NHS uses your information

Your information may be used to help us in:
  • determining the general health needs of the population
  • ensuring that our services meet future patient needs
  • teaching and training healthcare professionals
  • investigating complaints, legal claims
  • conducting health research and development
  • preparing statistics on NHS performance
  • auditing NHS accounts and service
  • paying your health care provider.


Your care provider and CCG will endeavour at all times to comply with the statutory duties, laws and NHS policy which govern their use of personal and confidential information. These include the following:
  • the NHS Constitution
  • the Care Records Guarantee
  • Data Protection Act 2018
  • Health and Social Care Act 2012
  • Freedom of Information Act 2000
  • Children's Act 2004
  • NHS Confidentiality Code of Conduct
  • Common Law Duty of Confidentiality
  • Access to Health Records Act 1990. 

Further information and help

Please speak to the health professional in charge of your care, facility e.g. hospital your or GP practice manager if you:
  • would like to know more about how we use your information
  • do not wish to have your information used in any of the ways described in this leaflet
  • would like to raise any concerns about the information in your health record.
 If you would like to find out more please contact:nelcsu.Information-Governance@nhs.net

NHS Digital Your Data Matters to the NHS Patient Leaflet.pdf
Privacy Notice - Complaints SARs and FOI.pdf
Privacy Notice - Direct Care.pdf
Privacy Notice - HR Staffing Employment Recruitment and Training.pdf
Privacy Notice - Incident Management.pdf
Privacy Notice - Medicines Optimisation.pdf
Privacy Notice - National Screening and Reporting Programmes.pdf
Privacy Notice - Patient Participation or Engagement Group.pdf
Privacy Notice - Payments.pdf
Privacy Notice - Privacy Notice - Safeguarding.pdf
Privacy Notice - Public Health.pdf
Privacy Notice - Quality Alerts.pdf