A movement for patients, relatives and carers. Harnessing the patient voice to build confidence in the use of patient data for research and analysis.

May 25, 2018 - a significant day for your rights, your choices, your data

May 25, 2018 was a significant day. It sees the introduction of new regulations designed to introduce more stringent legal requirements and protection for your data, and new policies to give each of us more choice about how our NHS data is used.

Here are some short summaries of what changed, together with details about where to find more information.

National Data Opt-Out

NHS Digital launched a new system to support the national data opt-out which will give patients more control over how confidential patient information is used.

The system offers patients and the public the opportunity to make an informed choice about whether they wish their confidential patient information to be used just for their individual care and treatment or also used for research and planning purposes.

Further information on the National Opt-out can be found on the NHS Digital website

There are some excellent resources to be found on the Understanding Patient Data website, including an information page about the opt-out, and background articles on:

- Why an opt-out rather than an opt-in or consent?

- Is the new national data opt-out just care.data all over again?


The Data Protection Act, 2018

The Data Protection Act received Royal Assent on 23 May 2018.

It updates data protection laws for the digital age and implements GDPR into UK Law.

Briefly, the new Data Protection Act:

  • Makes our data protection laws fit for the digital age in which an ever increasing amount of data is being processed.
  • Empowers people to take control of their data.
  • Supports UK businesses and organisations through the change.
  • Ensure that the UK is prepared for the future after we have left the EU.

The text of the Data Protection Act and related document can be found here. Historical documents relating the passage of the Act can be found on the Parliament website.


General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) applies across the EU and brings more rights about how personal information is used.

The EU passed the new legislation in April 2016, and the full text of the regulation was published some time ago.

As the UK is due to leave the EU in 2019, a new Data Protection Act has been passed, receiving Royal Assent on 23 May 2018, which enacts the GDPR in UK law, with some small changes. You can access full details of The Data Protection Act 2018 here.

The website of the Information Commissioner's Office includes some very useful information relating to GDPR, including addressing some of the myths.

The link to the ICO website is below:

Information Commissioner's Office: Data Protection reform.