Skip to main content

BETA This is a new service - your feedback (opens in a new tab) will help us to improve it.

Get an overview of your obligations with the data checklist for adopters.

This is required guidance

It is legally required and it is an essential activity.

This Guide covers:

  • England

From:

Adopters - Understanding laws that regulate the use of health and care data

Reviewed: 13 January 2023

Reviewed by: Health and Care IG Panel

In the UK, the UK General Data Protection Regulation (UK GDPR), supplemented by the Data Protection Act 2018 (DPA 2018), governs the processing of ‘personal data’ (a defined legal term). The UK GDPR mirrors the provisions of the EU General Data Protection Regulation that came into effect in 2018, before the UK left the EU. The UK GDPR and DPA 2018 only apply to the processing of data that relates to identifiable living people.

The common law duty of confidentiality governs the disclosure of confidential patient and service-user information. It applies to information that can identify either living or deceased people.

In this guide, we use the terms as they apply under each framework. When we refer to:

  • data protection legislation, we will use ‘personal data’
  • the common law duty of confidentiality, we will use ‘confidential patient and service-user information’

These laws exist to make sure you use people’s data in a legal, fair and transparent way, and that data is only processed or disclosed in ways that a person would reasonably expect. ‘Processing’ under article 4 of UK GDPR means any operation or set of operations that is performed on personal data such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction.

These laws also aim to make data sharing possible for a range of purposes, including research and the development of AI and digital technologies.

Get an overview of your obligations with the data checklist for adopters.

This is required guidance

It is legally required and it is an essential activity.

This Guide covers:

  • England

From:

Get more support

To discover how the regulatory organisations can assist you and for contact details, visit our 'Get Support' page.

Is this article useful?

How can we improve this piece?

Error:Select how we can improve this piece
Cancel

Thank you for your feedback!

To share additional insights about this page, please use the following link (opens in a new tab) to submit your observations.

Print this guidance (opens a PDF in a new tab)

Regulations are regularly updated. For the latest information, check the website as printed documents may be outdated.