Data Protection

Legal background

  • The General Data Protection Regulation (EU 2016/679), the LED and any applicable national Laws implementing them as amended from time to time
  • The Data Protection Act 2018
  • All applicable Law concerning privacy, confidentiality or the processing of personal data including but not limited to the Human Rights Act 1998, The Health and Social Care (Safety and Quality) Act 2015, the Common Law Duty of Confidentiality and the Privacy and Electronic Communications (EC Directive) Regulations.

The above will be collectively used as the Data Protection Legislation.

Principles of Data processing

The Norfolk and Norwich University Hospitals Foundation Trust, as data controller, may process personal data only for specified purpose in the Privacy Notice on this website, for the exercise of its legal rights and for the fulfillment of certain obligations (‘the purpose of data processing’).

The Hospital aims to process only those personal data that is essential and suitable for the purpose of data processing. Personal data is processed only to the extent and duration necessary for the purpose of data processing.

‘Processing of personal data’ (‘processing’) shall mean any operation or set of operations which are performed upon personal data, regardless of the procedure applied, such as collection, recording, registering, organisation, storage, adaptation or alteration, use, query, transmission, disclosure, synchronisation or combination, blocking, erasure or destruction as well as prevention of their future use, taking photos, making audio or visual recording.