Data protection and confidentiality banner

Data Protection and Confidentiality

Pennine Care NHS Foundation Trust takes its data protection and confidentiality responsibilities seriously.

We are registered with the Information Commissioner’s office for data protection purposes. Our Reference number is: Z6570366

The Trust has a dedicated Information Governance Team who are responsible for:

  • Data protection
  • Confidentiality
  • Records management
  • Information risk/security
  • Subject access 
  • Freedom of information 
  • Environmental information regulations

A copy of the key Information Governance policies are available here

New data protection legislation

On 25 May 2018 the new European General Data Protection Regulation (GDPR) was introduced into UK law, via the Data Protection Bill.

The new legislation builds on the Data Protection Act 1998, placing new responsibilities on organisations, both as a controller or processor of data.


Click here for further information on the new legislation and the GDPR

We are committed to meeting the standards required in the new legislation.

Data Protection Officer

As part of the General Data Protection Regulations, we are required to have a Data Protection Officer (DPO).

The responsibilities of the DPO include ensuring the Trust is compliant with data legislation, ensure staff are provided with appropriate guidance, training and instruction regarding data protection requirements and to act as a point of contact for the Information Commissioner’s Office (ICO) and the public.

If you have any concerns regarding how your information is used, or about our compliance with data protection requirements, you should contact our Data Protection Officer at pcn-tr.dpo@nhs.net or on 0161 716 3991.

Assessment of compliance

We are required to submit an annual return to the Department of Health, evidencing our compliance in the areas outlined above. This return is completed using the NHS Digital provided Data Security and Protection Toolkit.

Our compliance is reviewed annually by internal audit.  Our performance against the annual return and the view of internal audit are made available to the public within the Trust’s Annual Report.  Click here to see the latest, and previous versions of the annual report.

What information we collect about you and how we use it

As part of performing our public task as a provider of healthcare services, we collate, store, use and share information about our employees, patients, carers and also about members of the public.

To find out more about the information we collect and how we use it, please click here to see our privacy notices.

Copying letters to patients

The NHS Plan made a commitment that patients should be able to receive copies of clinicians' letters about them as a right, subject to their consent.

A letter includes communications between different health professionals, for instance those to GPs, hospital doctors, nurses, therapists and other health professionals.

We see this initiative as being good practice and are looking at the best way of introducing this.

Some services are already working to encourage this and you may be asked if you wish to receive a copy, how you wish to receive it and in what format.

Other services are not working in this way at the moment, but you may still ask the clinician working with you about this and they will explain the arrangements.

Further information regarding data protection

Further information about data protection and confidentiality legislation and guidance is available via the following sources:

Data protection:

Freedom of Information :

Our Latest News and Events Head over to our News & Events Page »