The Royal Surrey Scientific Computing department takes seriously how we use and look after personal data.

What do we mean by personal data?

  • personal information like name, date of birth, address and contact details
  • identifiable medical records
  • identifiable medical images

How and when do we use personal data?

We only use personal data for projects that have received Health Research Approval (HRA) and NHS research Ethics Committee approval.

How do we look after personal data?

NHS England (formerly NHS Digital) sets out standards on data security, cyber security, and information governance that are followed.

Data security is concerned with who is allowed to access patient data and how it is stored.

Cyber security relates to vulnerabilities of computers and other devices to unauthorised access, and the theft or damage of data.

Information governance is the framework that brings together all the legal requirements, standards and best practices and covers compliance with general data protection regulation 2016 (GDPR) and data protection act 2018.

Hospitals have an appointed ‘Caldicott guardian’ whose job is to make sure that the eight Caldicott principles are followed across all activities in that hospital. These principles have been defined to ensure that patients’ rights regarding their data are observed.

All of this means we that not only are we constrained by laws to look after personal data, to respect patient privacy, and their choices about how their data is used, but that we employ best practices to ensure that the data is secure and only accessible by the right people at the right time and for the right purpose.

In accordance with the guidance above, we anonymise (or pseudonymise) personal data collected in all studies. We do this so that we can conduct research projects that help improve healthcare, whilst patient identities remain protected.

For more information on these subjects, you can visit these websites:

Royal Surrey – information governance

NHS England – your data

Caldicott Principles

HRA – Research approval

Research Ethics Committee

Information rights

Cyber security