ENGLAND – Data Protection Impact Assessment


The information we provide within this document relates to our use of your personal
information collected from you via the NHSmail Portal at www.nhs.net when registering your NHSmail account and the contact details published within the NHS Directory.

Document information and downloads

  • Background
  • Consultation with Stakeholders
  • Purpose of the processing
  • Description of the Processing
  • Describe the legal basis for the processing (collection, analysis, or disclosure) of personal data?
  • Demonstrate the fairness of the processing
  • What steps have you taken to ensure individuals are informed about the ways in which their personal data is being used?
  • Is it necessary to collect and process all data items?
  • Describe if personal datasets are to be matched, combined, or linked with other datasets? (internally or for external customers)
  • Describe if the personal data is to be shared with other organisations and the arrangements you have in place
  • How long will the personal data be retained?
  • Where you are collecting personal data from the individual, describe how you will ensure it is accurate and if necessary, kept up to date
  • How are individuals made aware of their rights and what processes do you have in place to manage such requests?
  • What technical and organisational controls for “information security” have been put in place?
  • In which country/territory will personal data be stored or processed?
  • Does the National Data Opt Out apply to the processing?
  • Identify and assess key IG risks
  • Further Actions
  • Signatories
  • Summary of high residual risks

File type Adobe Acrobat Portable Document Format (.pdf)
File Size 1,265 KB

Last Reviewed Date 27/02/2024
Updated on 27/02/2024

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support
back to top