Guide: Data processing and protection

This guidance explains the current data protection law and what this will mean for your local Healthwatch.

Last updated: 17 June 2022, previous version published June 2019.


The Data Protection Act 2018 and General Data Protection Regulation (UK GDPR) establish a framework to regulate the processing of personal data.

The legislation balances the legitimate need for organisations to process personal data with the rights and interests of individuals.

In the UK, the Information Commissioner's Office ensures that organisations comply with data protection legislation and takes enforcement action where the law is broken.

This guidance sets out how you can comply with data protection legislation. It also links to templates you can use.

The guidance covers:

  • Why you need to comply with the legislation
  • Data controllers, processors and data protection officers
  • The governance issues that you’ll need to address to comply
  • How to collect data lawfully
  • How to use data lawfully
  • How to store data lawfully
  • What to do in the event of a data breach
  • Data subject rights
  • A glossary of data protection terms

