Skip to main content

Information governance

Data protection

  1. General data protection regulation (GDPR) compliance
  2. Data protection impact assessment log
  3. Policies

Your information, your rights

  1. Your information, your rights
  2. Privacy notices

Accessing your information

  1. Accessing your personal information (SARs)
  2. Guidance on requests for information

What is information governance?

Standards for controlling information by this trust, for or by everyone who passes through our hands, or whose information we process.

Information governance ensures necessary safeguards for, and appropriate use of, patient and personal information.

Why do we need it?

To show that we can be trusted to maintain the confidentiality and security of personal and corporate information.

How do we do this?

Providing training and giving advice and guidance. Annually assessing ourselves against Department of Health and Social Care requirements and the Data Security and Protection (DSP) toolkit.

Public information

  • Freedom of information and environmental information regulations.
  • Publication scheme.
  • Freedom of information requests disclosure log.
  • NHS national data opt-out.
  • Confidentiality.
  • Caldicott guardian.
  • National data guardian.
  • Common law duty of confidentiality.
  • Data Protection Act (2018).
  • Records management.
  • Records management policy.
  • Records management code of practice (2021) (The Code). This code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.

Contact information governance

Information governance

Woodfield House
Tickhill Road Site
Tickhill Road
Balby
Doncaster
DN4 8QN

Freedom of Information (FOI) requests

Please send your FOI requests to:

Information governance definitions

Definitions
Term Definition
Data controller The organisation which determines the processing of personal data. The data controller is the legally responsible organisation
Data processor An organisation which the data controller appoints to provide a service on its behalf. The data processor must follow the legal instruction of the controller
Data subject The individual who personal data is about. The individual must be identifiable from the data
Data protection officer The person appointed by the data controller as the single point of contact for data protection enquiries. The data protection officer acts independently and monitors compliance with data protection obligations
Data processing The activities which relate to personal data. Data processing includes:

    • obtaining, recording or holding the information
    • organisation, adaption or alteration
    • retrieval, consultation or use
  • disclosure by transmission, dissemination or otherwise making available
  • alignment, combination, blocking, erasure or destruction of the information or data
Information commissioners office (ICO) The regulator of information rights in the United Kingdom. More information can be found on theĀ ICO website (opens in a new window).
Personal data Data which relates to an individual and enables them to be identified.
Special category data This personal data is more sensitive, and so needs more protection, for example:

  • race
  • ethnic origin
  • politics
  • religion
  • trade union membership
  • genetics
  • biometrics (where used for ID purposes)
  • health
  • sex life
  • sexual orientation

Page last reviewed: December 18, 2024
Next review due: December 18, 2025

Problem with this page?

Please tell us about any problems you have found with this web page.

Report a problem