General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) came into effect on 25  May 2018 and the Data Protection Act 2018 which came into effect on 23  May 2018 sets out how the GDPR applies in the UK and rules about processing data not covered by the GDPR.

In order to meet the requirements of the new Data Protection legislation Trafford CCG is committed to ensuring that we are fully lawful and transparent about the ways in which we use your personal information.

We have created the following CCG Service Privacy Notices to explain how we use your personal information specifically within each of our services.

NB: Additional Service Privacy Notices are under review and will continue to be uploaded in the coming days.

We have also produced guidance to explain your rights under the new Data Protection Legislation: Exercising Your Rights and Subject Access Request Procedure.

If you would like further information on GDPR and the new data protection legislation please click on the Information Commissioners Office Website.

What is personal information?

Personal information can be anything that identifies and relates to a living person. This can include information that when linked with other information, allows a person to be uniquely identified. For example, this could be your name and contact details.

The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity.

This information consists of:

  • Racial or ethnic origin
  • Sexuality and sexual life
  • Religious or philosophical beliefs
  • Trade union membership
  • Political opinions
  • Genetic and bio-metric data
  • Physical or mental health
  • Criminal convictions and offences

How we keep your information safe

We are committed to ensuring your personal confidential information is safe and protected from accidental loss or alteration, inappropriate access, misuse or theft.

As well as technical, physical and organisational controls, we recognise that a well-trained, informed and security alert workforce minimises privacy risks from human error and / or threats from malicious acts.

We require our IT service providers to implement appropriate and robust industry standard security measures in accordance with our contractual instructions.

Everyone working for the NHS has a legal duty to keep information about you confidential.


The CCG retention schedule for each service is managed in accordance with the NHS Digital: IGA Records Management Code of Practice for Health and Social Care 2016 (appendix 3 retention schedule) please click here for further information.

Freedom of Information Act 2000

If you want to request any information about the CCG which is not your own personal data, please refer to our Freedom of Information Policy and Procedure  or you can submit a Freedom of Information request to:

Or write to:

Governance Support Officer: NHS Trafford Clinical Commissioning Group, 1st Floor, Crossgate House, Sale, M33 7FT.

Information Commissioners Office Notification

The Data Protection Legislation requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. This information is publicly available at the:

Information Commissioners Office: Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

Tel: 0303 123 1113



CCG Data Protection Officer: Jane LeFevre – Director of Legal and Democratic Services, Trafford Council, Trafford Town Hall, Talbot Road, Stretford, M32 0TH

Tel: 0161 912 1555