Welcome to our contact preference centre
NHS Shared Business Services and the General Data Protection Regulation (GDPR)
The GDPR came into effect in the UK on 25 May 2018.
We have undergone various activities in preperation of the new data protection law
We worked hard to ensure that we are prepared for the changes. This included ensuring that the personal data we manage for our NHS clients is always collected, managed, stored and shared (we won't do this without your permission) legally and safely.
The personal data of the staff and patients of our NHS customers, and our own staff and business will continue to be handled securely, in line with the regulations.
Implementing GDPR within NHS Shared Business Services
We have implemented GDPR successfully, building on our track record of data security and our compliance with the Data Protection Act 1998 (DPA).
We established internal steering and working groups to implement the GDPR before it came into effect. This group are supported by guidance issued by the UK Information Commissioner's Office.
Impact on customers and stakeholders
Our systems and services will not be changing and we expect any impact will be small.
Impact on the public whose data we hold
Our duty to safeguard personal data has not changed and is our priority. The GDPR creates some new rights for individuals and it strengthens some of the rights that currently exist under the DPA. We have worked to make sure that these rights are properly implemented, and any changes in the ways we collect, store or share your data are communicated appropriately.
We are keen to be as transparent as possible. If you would like any further information on how we are responding to the changes introduced by the GDPR, please email our Information Governance team.
Contact the Information Commissioner's Office (ICO) if you have an enquiry about complying with the GDPR in your own organisation.