Joint Controller and Information Sharing Framework Agreement

NHS England and NHS Improvement are cooperating to establish a joint enterprise. This mirrors the focus of the NHS Long Term Plan on how we will deliver integrated care to patients at the local level, how they set the whole of the NHS up to do that and how it will benefit patients and communities.

To make this work we will need to perform some functions of individual organisations together, achieving seamless integration of our working practices. When we use personal data for our joint purposes we will comply with Data Protection Law, sometimes as joint controllers of that data.

To make sure that we comply with our data protection obligations we have entered into a Joint Controller and Information Sharing Framework Agreement. The essence of this agreement is to enable use to work together seamlessly in establishing our joint enterprise, ensuring that activities that involve the processing or personal data are transparent and that we comply with our data protection obligations.

This agreement provides a framework for how we will work together to ensure that they comply with Data Protection Law.

Our data protection commitments as joint controllers are set out below:

  • We will make sure that they are transparent about their joint purposes for processing personal data, and explain how data is used for these purposes
  • We will make sure that anyone who wants to have access to their personal data, or to exercise other legal rights, has an easily accessible point of contact to make their request
  • We will make sure that when they introduce new joint working practices, the privacy of the people whose information are held by the Parties will continue to be protected as necessary
  • We will only introduce new joint working practices after we have conducted an assessment of how we will comply with data protection legislation and this has been approved following a jointly agreed approval process.
  • We will make sure that their data protection policies properly govern the activities of the joint enterprise, and that staff have a confident understanding of their responsibilities.

Read the Joint Controller and Information Sharing Framework Agreement.