
Confidentiality and Data Protection




The Data Protection Act 2018 is a law which empowers and protects the rights of individuals when it comes to the processing of their personal data.

The new Act has been implemented alongside the General Data Protection Regulation 2016 (GDPR).

It has been updated to expand the definition of personal data to include biometric data and revise the special category data (sensitive personal data).

An accountability principle has been added which is designed to ensure that all Data Controllers (the Trust) have further accountability when it comes to ensuring that the data subject's information is processed in accordance with the principles.

There are six further principles which, if broken, can lead to prosecution not only of the Trust but also of the individual employee. These state that data must be:

The incident reporting framework has also been updated, with all organisations now having a 72-hour reporting deadline. The monetary penalty has also risen from £500,000 to 20 million Euros or 4% of the gross annual turnover of the organisation. There will be a tiered approach depending on the size of the business and the level of data that has been breached.


It also changes the rules on consent and extends individuals' rights to include:
