Our joint Data Protection Officer

NHS England and NHS Improvement have appointed a joint Data Protection Officer. If you have any queries about this privacy notice or about how NHS England or NHS Improvement process personal data please contact our Data Protection Officer at the address below:

Carol Mitchell
Head of Corporate Information Governance and Data Protection Officer
Transformation and Corporate Development Directorate
NHS England
Quarry House
Quarry Hill

E-mail: england.dpo@nhs.net

The role of the Data Protection Officer

As public authorities, NHS England and NHS Improvement are required to appoint a Data Protection Officer (DPO). This is an essential role in facilitating ‘accountability’, and the organisations’ ability to demonstrate compliance with the General Data Protection Regulation (GDPR). The essential qualities of the role are to provide support, advice and assurance of all our activities that involve processing personal data. She reports on compliance to our senior management teams, and is empowered to raise data protection matters with our Boards if necessary.

Carol has expert knowledge of data protection law and practices, and a detailed understanding of how NHS England and NHS Improvement process personal data. As Head of Corporate Information Governance, she oversees a dedicated Data Protection Office team, and information governance staff whose job it is to support NHS England and NHS Improvement centrally and across our regions.

NHS England and NHS Improvement have a comprehensive suite of policies and procedures that addresses all aspects of information governance and data protection. These govern how we ensure that the personal data we are responsible is processed and shared lawfully, and that peoples’ data protection rights are respected.