SignHealth Privacy Statement
SignHealth is committed to safeguarding any personal data that we process, ensuring that it is stored and shared safely and securely.
SignHealth already has an effective approach to information security which complies with existing law and which meets the requirements of our partners and regulators. However, we are seeing the introduction of the new General Data Protection Regulation (GDPR) on 25 May 2018 as an opportunity to review and update our policies, procedures and ways of working in relation to data processing and protection to make them even stronger.
What we are doing
• We are working with teams and departments across the organisation to audit the data they are currently processing and to look for ways to strengthen both formal and informal data security measures.
• We are ensuring that any data we keep is accurate, up-to-date and appropriate.
• We are communicating the changes to staff through formal and informal communications, and through workshops with individual teams.
• We are reviewing the way we anonymise any personal data we have a legitimate reason to keep e.g. in relation to contracts, commissioned work or data we are required by law to keep.
• We are reviewing the data protection approaches of organisations we work in partnership with, to ensure these relationships are fully compliant and to confirm responsibilities in relation to data protection on both sides.
• We are contacting our existing donors to confirm whether they wish to continue to be kept up to date with SignHealth’s work.
• We are deleting data that we no longer need to hold.
The new Regulation reinforces individuals’ rights to access any information organisations keep about them.
This includes information about:
• exactly what personal data is being held about them
• how and why this data is being processed
• who is able to access this data, whether it has been disclosed to anyone else and if so, why
• how long this personal data is to be stored for and how it is erased at the end of this period
The Regulation also explicitly outlines individuals’ rights to:
• have any incomplete or inaccurate data about them corrected
• request erasure of personal data or restrict the processing of data, where this is applicable in accordance with the law
• make a complaint about how their data is being processed and for this complaint to be comprehensively responded to in accordance with the law
To facilitate all of the above, SignHealth has nominated the Governance & Performance Manager role to act as the organisation’s data administrator. This is to provide stakeholders, both internal and external, with a single point of contact in relation to any queries and information around data protection.
The key objectives of this role will be to:
• assess SignHealth’s readiness to meet the new Regulation
• identify gaps across the organisation and implement work to address them
• oversee the development and implementation of policies, procedures and approaches around data protection across the organisation
• continually monitor and improve SignHealth’s compliance with the GDPR
• raise awareness of the GDPR across the organisation and champion best practice in relation to information security and data protection
The Governance & Performance Manager role is currently being covered by Craig Nightingale, who can be contacted by email at