Practice Note: Staff Privacy Notices

Introduction 1.1 Individuals have the right to be informed about the collection and use of their personal data. This requirement is set out in the data processing principles found within Article 5 of the UK General Data Protection Regulation (UK GDPR); specifically, Principle 1, which requires processing to be lawful, fair and transparent). Articles 13 … Read more

ADVISORY NOTE 05/2023 – UK-US Data Bridge

BACKGROUND The UK’s Department of Science, Innovation and Technology (DSIT) recently announced that as from 12th October 2023, new UK legislation, namely the Data Protection (Adequacy) (United States of America) Regulations 2023 (SI 2023/1028) will allow businesses in the UK to transfer personal data to US organisations certified to the “UK Extension to the EU-US Data … Read more

ADVISORY NOTE 01/2023 – Using Bcc to Send Bulk Emails

Update to Advisory Note 01/2023 published in January 2023 BACKGROUND The Blind Carbon Copy (Bcc) function can be a useful tool when sending emails, as therecipients cannot see who else the email was sent to. It is often relied on when sendingemails to a group of individuals so as not to reveal the recipients to … Read more

ADVISORY NOTE 07/2022 – International Data Transfers

Update to Advisory Note 02/2022 published in February 2022 UK-based organisations sending personal data outside the UK or making it available toorganisations in other countries need to comply with the rules on international transfers.In some cases, as this document will explain, it may be necessary to enter into a contract toprovide safeguards for such transfers … Read more

ADVISORY NOTE 06/2022 – National Data Opt-Out

The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning purposes. in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs. The deadline for health and care organisations to comply with the … Read more