Guide: Data processing and protection
This guidance explains the current data protection law and what this will mean for your local Healthwatch.
Last updated: 17 June 2022, previous version published June 2019.
About
The Data Protection Act 2018 and General Data Protection Regulation (UK GDPR) establish a framework to regulate the processing of personal data.
The legislation balances the legitimate need for organisations to process personal data with the rights and interests of individuals.
In the UK, the Information Commissioner's Office ensures that organisations comply with data protection legislation and take enforcement action where the law is broken.
This guidance sets out how you can comply with data protection legislation. It also links to templates you can use.
The guidance covers:
- Why you need to comply with the legislation
- Data controllers, processors and data protection officers
- The governance issues that you’ll need to take to comply
- How to collect data lawfully
- How to use data lawfully
- How to store data lawfully
- What to do in the event of a data breach
- Data subject rights
- A glossary of data protection terms
Download
Guide to data processing and protection
Related resources
- Template: Data protection policy
- Template: Privacy statement and cookies policy
- Template and guidance: Information asset register
- Template: Record keeping and retention schedule
- Template: Data protection impact assessment
- Template: Data sharing agreement
- Template: Telling people how you will use their data on the phone and in person
- Template: Case study and photography consent
Includes:
Template
