Go Search

Data Protection 


The Data Protection Act 1998

The Data Protection Act 1998 came into force on 1 March 2000.

Under this legislation there are set of rules for processing personal information and all staff who use your data have to follow data protection principles.     

How does the Data Protection Act affect NHS Lanarkshire?

The Data Protection Act states that those who record and process personal information must be open about how the information is used and must follow the eight principles of ‘good information handling’. These principles state that data must be:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

By law, data controllers, including NHS Lanarkshire, have to keep to these principles.

If you believe in any way that NHS Lanarkshire is not processing your personal data in accordance with these principles, please contact the Information Governance Manager on 01698 858079.

Finding out what Information NHS Lanarkshire holds about you

Under the Data Protection Act 1998 you have the right to find out what information is held about you on computer and in manual records. 

If you would like to see your records you can made a written request to NHS Lanarkshire. Information on the process can be found on our Accessing Health Records page.

Protecting your Information

It is also your right to have your information protected and kept confidential.

Other useful links: