General Practice Data for Planning and Research (GPDPR)

General Data Protection Regulations (GDPR)
Click here to read our privacy notice. You can download and read the detailed document where you can also find the policy for National Data opt out.

From 25 May 2018, the NHS introduced a national data opt out to give patients more control over how their confidential patient information is used for research and planning purposes.
Patients can find out more about data use and the choice you can make online at

The NHS needs data about the patients it treats in order to plan and deliver its services and to ensure that care and treatment provided is safe and effective. The General Practice Data for Planning and Research data collection will help the NHS to improve health and care services for everyone by collecting patient data that can be used to do this.

This collection starts from 1st September 2021. We will not collect your name or where you live. Any other data that could directly identify you, for example NHS number, full postcode and date of birth, is replaced with unique codes which are produced by de-identification software before the data is shared with NHS Digital.

If you do not want your identifiable patient data to be shared outside of your GP practice for purposes except for your own care, you can register an opt-out with your GP practice. This is known as a Type 1 Opt-out. This should be done by returning this form to the surgery allowing time for processing it. If you have previously registered a Type 1 Opt-out and you would like to withdraw this, you can also use the form to do this. You can also call 0300 303 5678 for a form to be sent out to you.

Data Controller
Highgate Group Practice is the data controller for your information. We are contracted by NHS England under a General Medical Service (GMS) contract to provide Primary Healthcare services to local residents & other individuals registered with the Practice.
Data protection Officer’s contact details
Our Data Protection Officer is contactable via:
• A letter to the data protection officer at this practice
• By email at dpo.ncl@nicoladavies

Purpose of processing your data
We use your information to provide you with the best possible direct care services.
Your information is also used for indirect care, planning, research, auditing and population health management. A national opt-out from some of these purposes is available.

Lawful basis for processing your data
We process your data in the public interest for purposes focused on delivering healthcare – UK GDPR article 6 1(e). For special category personal data (e.g. health) our lawful basis is UK GDPR article 9 2(h) – processing necessary for medical/social care or management of same. For some information we process your data to fulfil our legal obligations – UK GDPR Article 6 1(c).

The categories of personal data concerned
We use name, address, date of birth, postcode, NHS number to identify you. We also keep data on your medical/health status which may include other sensitive data where relevant to your health e.g. your racial or ethnic origin, religious or philosophical beliefs, genetic data, sexual life and sexual orientation data.

Potential recipients of your data
We share data with other healthcare providers (e.g. hospitals) for delivery of your care. We also share with organisations for the management of health and care, and for indirect purposes as noted above. NHS England require us to supply data to them under Data Provision Notices, which is used for a variety of purposes including the NHS App.

How long your data will be retained
We only keep your data as long as is required by law. Data is retained following national records management practice, available in the full notice.

Your rights
You have the right to receive information on our uses of your information (this notice is part of that). The right to access, view or request copies of your records; request rectification of inaccuracies in your record, restrict or object to processing of your information. These rights are not absolute and are qualified in certain circumstances. You also have the right to complaint to our Data Protection Officer or the Information Commissioner if you are dissatisfied with out use of data

Safeguards if data is transferred to a country outside the UK.
When we use suppliers outside the UK, we ensure that the suppliers we use had full safeguards for your data and your legal rights are protected. We do not transmit data elsewhere except where legally required to (e.g. if you move to another country and ask us to share your data with local healthcare). When we do so, we insist on secure transmission.

The London Care Record – Your Data, Your Health
The Health Information Exchange has joined with the London Care Record.
This means your information will be available at any care setting within London, making sure those providing care to you have the best information

What does this mean for me?
When you visit a care setting such as a hospital, an urgent care centre or another GP in the London area, they will have access to your health data for the purposes of providing you with care.

Can I see who has accessed my data?
Yes, any access to your data is visible in the NHS App. It will tell you which organisation accessed your data, so you can check if this is appropriate.
If you have concerns about any accesses, please inform the practice.

Where can I get answers to my questions?
Details for OneLondon’s full programme, including this sharing are at:

Details for North Central London and the frequently asked questions are at:

If you don’t have online access, please ask in the practice and they can provide information.

Can I opt out of this sharing?
Yes, you can – but bear in mind this is for your care, so opting out may mean that those treating you may not have the best and latest information about your health.
To opt out, please visit the North Central London website above, or ask in the practice.

I have questions not answered. Can I contact the Data Protection Officer?
Our Data Protection Officer is contactable via:
• A letter to the data protection officer at this practice
• By email at [email protected]