NHS Cornwall and Isles of Scilly Integrated Care Board (CIOS) has a legal obligation to comply with all appropriate legislation in respect of data, information and information security including the UK General Data Protection Regulations (UK GDPR). It also has a duty to comply with guidance issued by the Department of Health and Social Care (DH), the Information Commissioners Office (ICO), other advisory groups to the NHS as well as professional bodies.
The Data Protection Act 2018 takes account of the UK GDPR and provides the principles under which personal information or data must be processed.
NHS CIOS asks for and uses personal information about people, such as their name, address, date of birth, telephone number and details about their health but can only use this information in certain ways, and are legally required to make sure people know how information is being used at the time of collecting it.
The ICO provides comprehensive advice and guidance in respect of the UK GDPR and the Data Protection Act legislation which can be found at: Guide to the UK General Data Protection Regulation (UK GDPR) | ICO
The guidance includes details of the UKGDPR principles, the lawful bases for processing, the rights of individuals and the obligations of data processors and data controllers like NHS CIOS. NHS CIOS complies with these obligations through its completion of the NHS Data Security and Protection Toolkit which it completes annually and submits to NHS Digital.