This page explains how NHS North Cumbria Clinical Commissioning Group uses any information you give to us, and the way we protect your privacy.
Protecting the privacy and personal data of the visitors to our site is of the utmost importance to us.
Fair Processing Notice
View information on our Fair Processing Notice here which outlines how the NHS North Cumbria Clinical Commissioning Group collect/use/share your information, providing further information and who you can contact if you have any questions or concerns.
General Data Protection Regulation (GDPR) Statement
NHS North Cumbria Clinical Commissioning Group (CCG) is a ‘Data Controller’ under the General Data Protection Regulations. This means we are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the current and future data protection principles. We must also notify the Information Commissioner about all of our data processing activity.
All of our staff receive annual information governance training to ensure they remain aware of their responsibilities. They are obliged in their employment contracts to uphold confidentiality, and may face disciplinary procedures if they do not do so.
We will not share, sell or distribute any of your personal information to any third party (other person or organisation) without your consent, unless required by Law. Data collected will not be sent to countries where the Laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with legal requirements.
- Guide to the GDPR on the Information Commissioner's Office website
Data Protection Act 2018
The UK's third generation of data protection law received the Royal Assent and its main provisions commenced on 25 May 2018. The Act aims to modernise data protection laws to ensure they are effective in the years to come. A pdf document of the Act is linked below.
- Data Protection Act 2018
What is difference between the Data Protection Act (DPA) 2018 and the GDPR?
The GDPR has direct effect across all EU member states and has already been passed. This means organisations will still have to comply with this regulation and we will still have to look to the GDPR for most legal obligations. However, the GDPR gives member states limited opportunities to make provisions for how it applies in their country. One element of the DPA 2018 is the details of these. It is therefore important the GDPR and the DPA 2018 are read side by side.
Common Law Duty of Confidentiality
Common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as 'judge-made' or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent. The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider's consent. In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.
Three circumstances making disclosure of confidential information lawful are:
• where the individual to whom the information relates has consented;
• where disclosure is in the public interest; and
• where there is a legal duty to do so, for example a court order.
- More information on site cookies
This site has security measures in place to protect the loss and alteration of information under our control.
Changes to the policy