Data protection

The Data Protection Act 2018, exercising derogation (exception) from the General Data Protection Regulation (GDPR), is a law designed to protect and maintain personal identifiable information, and to enable those wishing to, to gain access to their records.

When East Cheshire NHS Trust staff handle personal patient data they are under obligation to adhere to standards set by the Data Protection Act.

Whether they are using, holding, disclosing or disposing of information, staff must abide by principles detailed in the act.

Data controller

East Cheshire NHS Trust is the data controller for this website under the Data Protection Act 2018. This means East Cheshire NHS Trust is permitted to collect and process personal information about data subjects so that we can meet our business responsibilities. We will process your data in accordance with the Data Protection Act 2018. The purpose of the privacy policy is to inform you as a user of the site about what information we collect when you visit the site, how we use the information, whether the information is disclosed and the ways in which we protect users' privacy.

What does this mean to me?

The Data Protection Act requires that any records held about you are kept secure at all times (both physically and electronically) so that only those people concerned with your medical care have access to them.  It also affords you the following rights:

  • It gives you the right to access, or prevent access to your records if it is likely to cause damage or distress.
  • You can claim compensation if you suffer in any way from misuse of your information.
  • You can ask for a record to be corrected if you believe factual information is incorrect.

Accessing other types of information

If you wish to gain access to any other type of recorded information held within the trust, you can make a request under the provisions of the Freedom of Information Act 2000.  Please direct your request to the Freedom of Information Team (

Internal Links