Surrey and Borders Partnership NHS Foundation Trust (SABP) is the leading NHS provider of mental health, well-being and drug and alcohol services across Surrey and north east Hampshire. We are also the main provider of learning and neurodevelopmental disability services.
Our services are provided in community settings, hospitals and residential homes with an emphasis on providing local treatment and support close to people's homes wherever possible. So when you use our services, our health and care professionals (our doctors, nurses, psychologists, occupational therapists and social workers) will maintain and update your health record about your care.
The information on this page provides updates on:
- Our Privacy Notices (refer to the section below) where we outline what personal data we hold, along with your data rights and how you can access further information if you wish to
- Links to all SABP policy documents and our information leaflets
- Contact details within SABP
Privacy Notices
Our Privacy Notices outline what personal data we hold, along with your data rights and how you can access further information.
How we share information with carers
We work in partnership with Surrey County Council to recognise the essential role that carers take on in supporting people who have mental health problems, learning disabilities, or problems with drugs or alcohol. We also work closely with local support services to develop effective partnerships and ensure that carers are well informed and supported in their caring role.
- Confidentiality and Consent: The relationship between the health professional and the person using the service is based on having confidence and trust that what is said will not be disclosed without their agreement. When people using our services have carers, we need to ensure the confidentiality of the individual is maintained, without putting the carer at undue risk if information is not shared.
- Risk Management: There might be situations where not sharing information could place the carer or others at significant risk. In such cases, the service may act immediately in the interest of the person.
- Carer Involvement: Even if the person receiving care withdraws consent, carers are still entitled to support and can continue to receive general information about mental illness, emotional and practical support, and advice on their caring role.
- Information Sharing: Carers are encouraged to share relevant information about the person they care for, which can help in providing effective care. Carers' personal information shared with the service is also kept confidential unless consent is given to share it.
- General Information Provided to Carers: Carers are given general factual information about the diagnosis, expected behaviors, medication, and local services, which does not breach confidentiality.
- Carers' Rights: Carers have the right to their own confidentiality when talking to professionals and are encouraged to feel valued and supported.
For more information, please refer to the SABP Carers Handbook, which is available on our website: https://www.sabp.nhs.uk/our-services/leaflets/core-leaflets
How to access all SABP policies
All SABP current policies are available online for your information and they can be accessed from our website at:
How to access our Information leaflets
All SABP current leaflets are available online for your information and they can be accessed from our website at:
These leaflets are also available in easy read and large print formats.
How we make sure we are compliant
Where we introduce new services, or modify existing systems which process or share personal data, we complete a Data Protection Impact Assessment (DPIA), in compliance with current data protection legislation and 'privacy by design' requirements.
We do this to confirm the legal basis for data collection and use, to assess any data privacy risks, and to ensure data is being held securely with access managed in accordance with Caldicott Guardian principles.
- Information on the role of Caldicott Principles is available at: https://www.gov.uk/government/publications/the-caldicott-principles
- View a summary of our approved DPIA
Frequently asked questions
What does that mean?
- Anonymisation: Making personal data anonymous means you could never trace the data back to the living individual it relates to.
- Data breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.
- Data controller: A data controller (which can be an individual or, like SABP, a corporate body) decides the purposes for which, and how, personal data is used. The data controller has a legal responsibility for how the data is used, stored and disposed of, and is liable in the event of a data breach.
- Data Processor: The data processor uses personal data on behalf of the data controller, based on the directions as set by the data controller.
- DPIA (Data Protection Impact Assessment): This is an assessment of the impact of the proposed personal data processing on the rights and freedoms of the data subject.
- Health Professional: In some circumstances, the opinion of a “health professional” has to be obtained when deciding whether to provide personal data to a person. In this context, a health professional is the clinician who is currently, or was most recently, responsible for the diagnosis, care or treatment of the person who uses our services. Where more than one health professional is involved, the health professional is the most suitable person to provide an opinion. Where there are no health professionals available within the above categories, a health professional who has the necessary experience and qualifications to provide an opinion on the question should be involved.
- ICO (Information Commissioner's Office): The UK regulator for the GDPR and related UK legislation
- Personal data: Information which helps to identify an actual and specific individual. It can include details like your name, or unique identity number (such as NHS number or National Insurance number) and where you live. See also ‘Sensitive Personal Data’ (also called “Special Category Data”).
- Processing (Use of data): When anything is done to, or with, personal data (including simply collecting, storing or deleting those data), it is termed as ‘processing’ – for this document we use the term ‘Using’.
- Pseudonymisation: Similar to anonymisation but you retain a 'key' separately and securely, which means you can potentially re-identify the individual it relates to.
- Restriction of processing: One of the Data Rights enables you to ask for limits on how your data is used.
- Sensitive Personal Data: This is Personal data which reveals a person’s race or ethnicity, political opinions, religion or beliefs, trade-union membership, physical or mental health or sex life, and genetic and biometric data.
- Third-party: Any person/Trust who is authorised by the data controller or data processor to use personal data.
- I’ve heard of GDPR. But what is it?
GDPR is short for the ‘General Data Protection Regulation’. It came into effect on 25 May 2018 and, following Brexit, GDPR was formally incorporated into UK domestic law as 'UK GDPR', which came into effect on 01 January 2021. UK GDPR is supplemented with the Data Protection Act 2018 (DPA 2018) as part of the UK data protection legislation requirements.
- What does 'privacy by design' mean?
Data protection is seen as a part of our processes at the earliest possible stage. This means we identify any privacy issues at an early stage, so safeguarding people’s data rights. A Data Protection Impact Assessment (DPIA) is the framework we use for identifying, assessing and reviewing privacy risks.
- What happens if something goes wrong? Who will enforce data protection issues in the UK?
Data protection safeguards are enforced in the UK by the Information Commissioner’s Office (ICO). The ICO is the UK's independent body set up to uphold information rights. If a serious data breach or data complaint is lodged with the ICO, we must co-operate as requested, and ensure those affected by the data breach are notified. A failure to co-operate may result in penalties imposed on the Trust.
Links for information:
- Information Commissioner’s Office (ICO): https://ico.org.uk/
- NHS England: https://www.england.nhs.uk/
- Care Quality Commission: https://www.cqc.org.uk/
Our contacts
Post: Surrey & Borders Partnership NHS Foundation Trust,
Unit 18, Mole Business Park, Randalls Road, LEATHERHEAD, Surrey, KT22 7AD
Telephone: 0300 5555 222
Website: https://www.sabp.nhs.uk/
Data Protection Officer: dpo@sabp.nhs.uk
Charles Sant is our SABP Data Protection Officer.
Caldicott Guardian: caldicottguardian@sabp.nhs.uk
Jo Lynch is our SABP Caldicott Guardian.
Senior Information Risk Owner (SIRO): sally.heath@sabp.nhs.uk
Sally Heath is the SABP Senior Information Risk Owner.
Data rights/record requests: records.team@sabp.nhs.uk
SABP Records team for records access and data rights.
SABP Formal complaints:
Whether you are a person who uses our services, a relative or carer of someone who does, or a member of the public, there may be times when you need information, help, advice and support.
- Email: rxx.palsandcomplaintssabp@nhs.net, or
- Post: Surrey & Borders Partnership NHS Foundation Trust, PALS and Complaints, Unit 18 Mole Business Park, Randalls Road, Leatherhead, Surrey, KT22 7AD
Sharing Your Information updates
Page updates:
- November 2024: Page updated for accessibility.