Data Protection Policy

Information on SHOs, GPRs and members of the Educational Network is held in a secure database for internal Deanery use. Some of the data is sensitive and personal and only authorised Deanery staff has access to it by means of a hierarchical password system.

The information is only shared with permission of the data subject or where the Deanery is obliged to do so by virtue of its functions or by legal obligation. Data rendered anonymous, in such a way that the data subject is no longer identifiable, may be used in statistical analysis and/or transferred to other bodies. Selected personal data is available via the website to accredited users (Associate Directors and some Deanery staff) by means of a secure, password-protected area. Some non-personal data such as practice addresses appears in the public area of the Deanery website.

In accordance with the guidelines of the Information Commissioner a two stage transfer process to archive is employed. Daily backups of the data are zipped and transferred to a secure area of the server. After a period of approximately 6 months these zipped copies of the data are transferred to CD and removed from the server. The CD archive is available for a period of ten years after which the CDs will be destroyed. Within the live system, data is first marked for deletion, and then removed from the database. The current policy is to remove individual data 10 years from completion of training. Information is updated on a daily basis and any inaccurate data is removed/updated as soon as identified.

Dr Tony Rennison
Associate Director
GP IT Lead