Guide: Data processing and protection
Last updated: 10 May 2023. Previous version published 30 January 2023.
About
The Data Protection Act 2018 and General Data Protection Regulation (UK GDPR) establish a framework to regulate the processing of personal data.
The legislation balances the legitimate need for organisations to process personal data with the rights and interests of individuals.
In the UK, the Information Commissioner's Office ensures that organisations comply with data protection legislation and takes enforcement action where the law is broken.
This guidance sets out how you can comply with data protection legislation. It also links to templates you can use.
The guidance covers:
- Why you need to comply with the legislation
- Data controllers, processors and data protection officers
- The governance issues that you’ll need to address to comply
- How to collect data lawfully
- How to use data lawfully
- How to store data lawfully
- What to do in the event of a data breach
- Data subject rights
- A glossary of data protection terms
The latest version (January 2023) includes additional detail on consent and explicit consent, and how to word consent.
Download
GDPR training
Our bespoke training course will introduce you to the UK General Data Protection Regulation (GDPR), what the law says, what it means for Healthwatch and how to apply it to your work.
Separate learning modules are available for Healthwatch Lead Officers and Healthwatch staff.
Related resources
- Template: Data protection policy
- Template: Privacy statement and cookies policy
- Template and guidance: Information asset register
- Template: Record keeping and retention schedule
- Template: Data protection impact assessment
- Template: Data sharing agreement
- Template: Telling people how you will use their data on the phone and in person
- Template: Case study and photography consent
- Template: Consent and explicit consent