Information governance

Data protection

Your information, your rights

Accessing your information

What is information governance?

Standards for controlling information by this trust, for or by everyone who passes through our hands, or whose information we process.

Information governance ensures necessary safeguards for, and appropriate use of, patient and personal information.

Why do we need it?

To show that we can be trusted to maintain the confidentiality and security of personal and corporate information.

How do we do this?

Providing training and giving advice and guidance. Annually assessing ourselves against Department of Health and Social Care requirements and the Data Security and Protection (DSP) toolkit.

Public information

Freedom of information and environmental information regulations
Freedom of information requests concerning information technology (IT) infrastructure
Publication scheme
Freedom of information requests disclosure log
NHS national data opt-out
Confidentiality
Caldicott guardian
National data guardian
Common law duty of confidentiality
Data Protection Act (2018)
Records management
Records management policy
Records management code of practice (2021) (The Code) sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it

Contact information governance

Information governance

Woodfield House
Tickhill Road Site
Tickhill Road
Balby
Doncaster
DN4 8QN

Phone: 03000 211189
Email: rdash.ig@nhs.net

Freedom of information (FOI) requests

Please send your freedom of information requests to:

Email: rdash.foirdash@nhs.net

Information governance definitions

Definitions
Term	Definition
Data controller	The organisation which determines the processing of personal data. The data controller is the legally responsible organisation
Data processor	An organisation which the data controller appoints to provide a service on its behalf. The data processor must follow the legal instruction of the controller
Data subject	The individual who personal data is about. The individual must be identifiable from the data
Data protection officer	The person appointed by the data controller as the single point of contact for data protection enquiries. The data protection officer acts independently and monitors compliance with data protection obligations
Data processing	The activities which relate to personal data. Data processing includes: obtaining, recording or holding the information organisation, adaption or alteration retrieval, consultation or use disclosure by transmission, dissemination or otherwise making available alignment, combination, blocking, erasure or destruction of the information or data
Information Commissioners Office (ICO)	The regulator of information rights in the United Kingdom. Learn more about the Information Commissioners Office.
Personal data	Data which relates to an individual and enables them to be identified.
Special category data	This personal data is more sensitive, and so needs more protection, for example: race ethnic origin politics religion trade union membership genetics biometrics (where used for ID purposes) health sex life sexual orientation

Page last reviewed: June 13, 2025
Next review due: June 13, 2026

Problem with this page?

Please tell us about any problems you have found with this web page.

Report a problem