Corporate publication

Data Protection Policy

Placing data protection at the heart of the NHS Confederation’s operations to protect the rights of individuals and the charity from data breaches.

31 March 2022

Read the policy (PDF) External link icon

Chapters

Purpose of this policy

As a Data Controller the NHS Confederation takes its responsibilities regarding the management of the requirements of data protection legislation, very seriously. ‘Data protection legislation’ includes the Data Protection Act 2018 and the UK General Data Protection Regulations (GDPR), as modified, or replaced from time to time, and any other related legislation (such as the Privacy & Electronic Communications (EC Directive) Regulation 2003).

This policy sets out how the NHS Confederation manages those responsibilities and aims to place data protection at the heart of the NHS Confederation’s operations to protect and promote the rights of individuals and protect the charity from the risk of data breaches.

Scope

This policy applies to everyone working at or with the NHS Confederation.

It applies to:

  • all staff, including chief executives, directors, senior managers, employees (whether permanent, fixed term or temporary), seconded staff, homeworkers, agency workers and volunteers
  • consultants and contractors
  • trustees and committee members.

Any employing or contracting manager must ensure that all temporary staff, consultants, or contractors are aware of this policy.

By the NHS Confederation we mean the NHS Confederation charity, any subsidiary companies, and any hosted networked organisation.

This policy applies to all personal data the NHS Confederation collects, stores and processes, regardless of the location of where the data is stored (e.g. on an employee’s own device) and regardless of the data subject. The main personal information held is in relation to representatives at member organisations, employees, board and committee members, volunteers, employment applicants and other stakeholders. Personal data refers to any identifiable data relating to an individual. It doesn’t need to be data that is considered private and can relate to an individual’s ‘work details’. 

The NHS Confederation has designated the Director of People and Governance as the individual who is responsible for ensuring that the NHS Confederation implements this policy. This policy should be read in conjunction with the organisation’s IT Security Policy, Privacy Statement and Procedures for Data Breaches and Subject Access Requests.

The Policy should also be read in conjunction with the Information Commissioner’s Office guidance on data protection legislation.

Related content

NICON 2024 | 16 - 17 October | La Mon Hotel
Conference

NICON 2024

NICON24 is the premiere event for HSC Leaders and partners, bringing them together to discuss how to secure the best health and care outcomes for NI.

16 October 2024 08:00 - 17 October 2024 13:30 GMT
NHS ConfedExpo - 12 and 13 June 2024 at Manchester Central
Event

NHS ConfedExpo 2024

Join us at Manchester Central as we and NHS England unite health and care leaders and their teams at one of the biggest health and care conferences.

12 June 2024 08:30 - 13 June 2024 16:45 GMT
Matthew Taylor headshot
News

NHS Confederation responds to survey showing sexual harassment in the NHS

A survey from UNISON found that one in ten (10%) healthcare workers reported experiences of sexual harassment.

8 April 2024
Healthcare workers walking down a hospital corridor.
Briefing

2024/25 NHS priorities and operational planning guidance

Summary and analysis of NHS England’s operational planning guidance and priorities for the service in 2024/25.

28 March 2024

View the policy library.

Find out more Arrow pointing right