General Data Protection Regulation 2016 (GDPR)
The General Data Protection Regulation 2016 (GDPR) and the UK Data Protection Act 2018 comes into on 25 May 2018 and will apply to the Trust as data controller, where we determine the purposes and means of processing personal data for both employees and patients, and also as data processors where we are responsible for processing personal data on behalf of another data controller.
The Trust has robust processes and systems to support compliance with the new laws, which includes keeping you informed about how your data is used.
For more information on this please refer to the Trust privacy notice
The Trust has also outlined in their policy statement how the new laws will affect the Trust and the way in which we process data.
GDPR Policy Statement
Data Protection Impact Assessments
When a new project or process that involves personal confidential data is undertaken at The Royal Wolverhampton NHS Trust then a Data Protection Impact Assessment (DPIA) is completed. The Trust has given careful consideration as to whether or not to routinely publish such DPIA.
In order that we do not undermine or compromise our information and IT security we have taken the decision to not do so at this time, notwithstanding this we fully comply with our statutory obligations such as the Freedom of Information & Data Protection Acts. Requests for a copy may be made of the Trust if required, however, it should be noted that provision of such information may be heavily redacted due to the aforementioned risks.