FDP National Data Integration Tenant (NDIT) Privacy Notice

This privacy notice explains how NHS England uses Personal Data in the Federated Data Platform National Data Integration Tenant (NDIT).

What is the National Data Integration Tenant (NDIT)?

NDIT is part of the NHS Federated Data Platform (FDP) and is one of NHS England’s secure platforms for collecting, organising, collating, managing and preparing national health and care data so it can be used safely and appropriately for NHS purposes.

The NHS Federated Data Platform is made up of a number of separate independent data platforms, each of which is called an Instance. Some Instances are operated by NHS England and are called National Instances. NDIT is a National Instance.

NDIT is used to process data that NHS and other organisations are required to provide to NHS England, including patient data. It replaces multiple legacy data collection routes with a more secure, consistent and streamlined approach. It also supports the National Data Submission Portal, which provides a single route for organisations to submit national data returns to NHS England. In some cases, data already held in other NHS England-managed systems and data platforms is also moved into NDIT as part of the transition from legacy platforms.

The data which NHS England processes in NDIT includes Personal Data. Personal Data is defined in data protection law and is information relating to a living individual that can directly or indirectly identify them. Personal Data can be either:

  • Directly Identifiable Data – this is Personal Data that can directly identify an individual, for example, a name, address and date of birth.
  • De-Identified Data – this is Personal Data that has been de-identified, so that an individual can no longer be directly or indirectly identified in the data, but where the organisation holding the data does still have the means to identify the individual.

Data stored in NDIT also includes Aggregated Data and Operational Data – this is data that does not relate directly or indirectly to specific individuals. For example, statistics about groups of individuals where no one can identify any specific individuals from the statistics, for example, numbers describing the stocks of medicine, or the number of beds in a hospital.

What Personal Data about me is processed?

The Personal Data which is collected and processed by NHS England in NDIT about patients who have received care or treatment from NHS organisations will depend on the specific data sets being processed but may include:

  • Name
  • Address (including postcode)
  • Date of birth and age
  • Sex and gender
  • Marital status
  • Living habits
  • Physical description
  • NHS number
  • Contact details (such as phone number and email addresses)
  • Online identifiers (such as IP address or event logs) and, where relevant, location data
  • Information about your physical or mental health, including diagnosis, care and treatment
  • Racial or ethnic origin
  • Religion or other beliefs
  • Sexual Life/Orientation

What are the purposes for processing my Personal Data?

NDIT is used to collect, organise, collate, manage and prepare data to support NHS England to carry out its statutory functions. This includes monitoring and managing NHS services, improving the quality and efficiency of care, and supporting planning across the health and care system.

Data which is stored in NDIT is collected, checked for quality, organised, collated and prepared so it can be used appropriately by NHS England for approved purposes. This includes:

  • Providing a standard data collection and management area for Directly Identifiable Data, De-Identified Data, Aggregated Data and Operational Data.
  • Standardising the data collected (including improving data quality and preparing data in readiness for linkage) and ensuring data is handled consistently and efficiently.
  • Reducing duplication and inconsistency in data.
  • De-identifying data.

Data can then be transferred into other NHS England systems and data platforms, including another National Instance of FDP which does not contain any Directly Identifiable Data, depending on the purposes for using and analysing the data. This includes delivering insights which support management, planning and commissioning of health and care services.

The specific data sets that are processed within NDIT are subject to a robust approval process and a data protection impact assessment (DPIA). The list of data sets currently approved for processing in NDIT is published here: NHS England » Data sets processed in the National Data Integration Tenant of the NHS Federated Data Platform. This will be updated regularly to reflect any new data sets approved for processing in NDIT.

Who has access to my Personal Data?

NHS England uses a mix of internal teams and specialist suppliers to help run large national data and digital services. This is common practice across the NHS and elsewhere in government. Suppliers help build, maintain and support complex systems.

NHS England uses Palantir Technologies UK Ltd (Palantir), the supplier which provides the Federated Data Platform and supports the operation and maintenance of NDIT. Palantir staff may process Personal Data, including in some cases Directly Identifiable Data, as a processor on behalf of NHS England, under strict contractual controls for this purpose. This may include technical support activities that are necessary to operate, maintain and support NDIT. A small number of Palantir staff also have administrative access to enable them to manage Platform-wide settings, maintain Platform security and configure the Platform.

Engineers, including Palantir staff and other third-party engineers acting as processors on behalf of NHS England, also have more limited project-specific access to Personal Data in NDIT. Engineers with more limited access can only work on the specific data sets and tasks assigned by NHS England, including writing code and assuring the development of new products, for example developing the new National Data Submission Portal that organisations will use to submit national data returns to NHS England.

Engineers and their staff only act on NHS England’s instructions and do not have permission to use the data for their own purposes. Data is only accessed and used where it is necessary and appropriate, in line with data protection law and is time limited where relevant. Access is also monitored and controlled in the following ways:

  • NDIT is one part of the NHS Federated Data Platform. Those with access to it do not have access to the information in other parts of the Platform.
  • Access to NDIT by any staff, including suppliers, is time-limited, role-based and purpose-specific.
  • Access is strictly governed by contract, by the UK General Data Protection Regulation (UK GDPR), and by the Data Protection Act 2018 (DPA 2018).
  • Any staff with access, both NHS and suppliers, must meet Government security clearances and vetting requirements.
  • Administrative level access for non-NHS England users is subject to senior approval and Government security clearances. That access is removed when it is no longer needed and must be reverified every three months.
  • All access and activity is strictly monitored and audited by a team in NHS England every month. Audit logs are inspected and show what actions have been taken.

Who is my Personal Data shared with?

NHS England shares data with other organisations through NDIT as part of carrying out its statutory duties, but that data will not be Directly Identifiable Data.  The data which may be shared with other organisations will be either De-identified Data or Aggregated and Operational Data.

UK GDPR information

Controllers of your Personal Data

Under data protection law, NHS England is the controller of your Personal Data processed in NDIT.

Lawful basis for processing your Personal Data

When we process Personal Data (including De-identified Data), we must have a lawful basis to do so under the UK GDPR. For our processing of Personal Data in NDIT, our lawful basis are:

  • Legal Obligation – Article 6(1)(c)…the processing is necessary for compliance with a legal obligation’. This applies where NHS England is directed by the Secretary of State for Health and Social Care under section 254 of the Health and Social Care Act 2012 to collect and or analyse Personal Data.
  • Public Task – Article 6(1)(e) … ‘the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller’. This may apply where NHS England processes and shares Personal Data with other organisations in reliance of its other statutory powers.

Data about a person’s health is classed as ‘special category data’ under the UK GDPR.  This means that we also need to rely on a lawful basis under Article 9 of the UK GDPR.  When we process De-identified Data about a person’s health in NDIT we rely on:

  • Substantial public interest – Article 9(2)(g) of UK GDPR, plus Schedule 1, Part 2, Paragraph 6 “statutory etc and government purposes” of the DPA 2018
  • Health or social care – Article 9(2)(h) of UK GDPR, plus Schedule 1, Part 1, Paragraph 2 “Health or social care purposes” of DPA 2018
  • Public health – Article 9(2)(i) of UK GDPR, plus Schedule 1, Part 1, Paragraph 3 “Public health” of DPA 2018
  • Statistical purposes – Article 9(2)(j) of UK GDPR, plus Schedule 1, Part 1, Paragraph 4 “Research etc” of DPA 2018

Your rights under UK GDPR

Under data protection law, you have a number of rights over your Personal Data. Further information about these rights is in the NHS Federated Data Platform Privacy Notice.

You can contact NHS England’s data protection officer at england.dpo@nhs.net.

Does the National Data Opt Out or any other opt out apply?

The National Data Opt-Out may apply to some Personal Data processed through NDIT. Where this is the case, the privacy notice for the specific data collection will explain how the opt-out is applied.  In some circumstances, the National Data Opt-Out does not apply. This includes where NHS England is required by law to collect and process Personal Data to carry out its statutory functions. Currently (June 2026), the National Data Opt-Out does not apply to any of the data sets processed in NDIT.

Further information about when the National Data Opt-Out does not apply is available at When your choice about sharing data from your health records does not apply – NHS.

Type 1 Opt-Outs (which apply to data shared from GP practices) do not apply to any data sets processed in NDIT, as NDIT does not currently process confidential patient information collected directly from GP practices.

More information

For more information about how personal data is processed within the Federated Data Platform please see the NHS Federated Data Platform Privacy Notice.

Last updated date: 16 June 2026.