How we manage your data

The data protection law is changing. As an organisation that holds data about you, Nottingham University Hospitals NHS Trust (NUH) is taking extra steps to ensure that we fully comply with the new requirements under the General Data Protection Regulation (GDPR).

This is a summary of the information that you will need to know about how we will use, manage and safeguard your data under GDPR. The full policy is available on our website here:

A summary of your rights under GDPR can be found below:

Your Rights.pdf [pdf] 21KB

Our commitment to you

We make the following commitments about the data we keep about you and the way that we protect it. We will:

  • Keep the right information to provide services and fulfil our legal responsibilities to you
  • Keep your records safe, secure and accurate
  • Only keep your information as long as necessary
  • Collect, store and use the information you provide to the data protection standards and the laws that govern data protection
  • Comply with the General Data Protection Regulation (GDPR), which requires that the way we manage your personal data is fair, lawful and transparent.


Why we need your data

If we don’t have up-to-date and accurate information about you, it may affect the quality of treatment and care that we are able to provide to you.

We hold information about you in order to be able to:

  • Provide the treatment and care that you need
  • Confirm who you are when we contact you, or when you contact us
  • Make decisions about your future treatment and care
  • Make sure your care is safe and effective
  • Check the quality of your care
  • Help investigate concerns or complaints that you or your family may have.



We may also ask you to volunteer to take part in health research and, if you do want to take part, we will ask for your agreement to use your data for this research.

We may also use your data, or part of it, for other reasons:

  • Receive funding and keep track of spending
  • Teach and train our staff
  • Develop and improve care for patients in the future through research
  • Manage and plan our services


Taking care of your data

We hold your data securely whether it is on paper or electronic.

There are strict safeguards in place to protect your data and how it is used.

We only keep your information for the time that we need it; the law says that we must keep health records for a minimum of 8 years after the last treatment, or after a person has died. Some records, for example for children, are kept for much longer.


Sharing your data

We do not share your personal data with commercial companies or third parties.

We do share your data with:

  • NHS organisations who also provide your treatment and care – for example another hospital
  • Health and care professionals who provide care to you outside of hospital – for example GPs or midwives
  • NHS services which work as a network, caring for patients from a wider geographic area – for example Emrad (radiology)


We will tell you if we need to share your data with other public services who may be providing support or part of the treatment and care you need. This may include:

  • Social Care services
  • Education services
  • Other local authority departments and services
  • Voluntary and private sector providers working under contract to the NHS

In some cases, the law requires us to share personal data – for example, if the information is needed for a court case; or an investigation by a Coroner.

Where we do share your data, there are legal agreements in place to safeguard your information.

Your rights

You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any identifiable information we hold about you.

You have the right to privacy and to expect NUH to keep your information confidential and secure.

You also have a right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered.


If you want to know more

If you have any concerns about how we keep and manage your personal information, please discuss this with a member of the team providing your care at NUH.


Download our GDPR Patient information leaflet below