The EU General Data Protection Regulation (GDPR) requires that data controllers provide certain information to people whose information (personal data) they hold and use. A privacy notice is one way of providing this information. This is sometimes referred to as a fair processing notice.
A privacy notice should identify who the data controller is, with contact details for its Data Protection Officer. It should also explain the purposes for which personal data are collected and used, how the data are used and disclosed, how long it is kept, and the controller’s legal basis for processing.
NHS England and NHS Improvement are cooperating to establish a joint enterprise. We may collect and use personal data for the functions that we exercise jointly. Our joint privacy notice explains how we do this.
As the two organisations still have distinctive statutory responsibilities and accountabilities, NHS England and NHS Improvement will continue to publish separate privacy notices explaining how we use personal data for our respective purposes.