hero image

Data Protection

Click here to view the patient GDPR Privacy Notice.

Click here to view the staff GDPR Privacy Notice.

Click here to view the Volunteers GDPR Notice.


This Privacy Notice explains what personal information we collect from you, how we store personal information, how long we retain it and with, whom and for which legal purpose we may share it.

Bedford Hospital’s mission is to protect the rights of our patients and staff in relation to their personal information. As such the Trust is committed to comply with the General Data Protection Regulations (GDPR) and associated Data Protection Act 2018 (the Act).

The Act sets out certain principles which organisations must adhere to in order to ensure the confidentiality of patients and staff whose records we hold.  This is managed through an Information Governance Team.

This page provides some basic information about the Act and some of our obligations under it. If you wish to find out more or would like to discuss how this Trust handles your personal information, please contact the Information Governance Manager/Data Protection Officer on 01234 355122 ext. 6377 or by email to: information.governance@bedfordhospital.nhs.uk.

Caldicott Guardian – Medical Director

The Guardian plays a key role in ensuring that the NHS, Councils with Social Services responsibilities and partner organisations satisfy the highest practical standards for handling patient identifiable information. Acting as the ‘conscience’ of an organisation, the Guardian actively supports work to enable information sharing where it is appropriate to share, and advises on options for lawful and ethical processing of information. Should you wish to contact the Caldicott Guardian please email information.governance@bedfordhospital.nhs.uk

Senior Information Risk Owner (SIRO) – Director of Finance

The SIRO is a member of Trust Board who has lead responsibility to ensure organisational information risk is properly identified, managed and that appropriate mechanisms exist.  The Trust Board member appointed as the SIRO ensures necessary safeguards for, and appropriate use of, corporate, patient and personal information.

Data Protection Officer (DPO) – Information Governance Manager

  • The GDPR introduces a duty for the hospital to appoint a data protection officer (DPO).  The DPOs assist with monitoring internal compliance, informing and advising the hospital and the public on your data protection obligations.  The DPO provides advice regarding Data Protection Impact Assessments (DPIAs) and acts as a contact point for data subjects and the supervisory authority.
  • The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level.

Access to Your Personal Data

Under GDPR and the Data Protection Act you have a right to view any records held about you.  You also have a right to a copy of those records. This right extends to your medical records. For further information please click here.

The Information Commissioners Office

Bedford Hospital NHS Trust is registered with the Information Commissioner’s Office as a Data Controller under the Data Protection Act 1998. To see details of our registration, please visit the Information Commissioner’s Office website and enter registration number Z5645207.