What we do

NHS NEL Commissioning Support Unit (NEL) is an arm’s-length body of NHS England. We support organisations across London, Bedford, East Anglia, Essex, Hertfordshire, Kent, Luton, Surrey, and Sussex, delivering a range of support services and bespoke solutions. These organisations include Clinical Commissioning Groups, Hospital Trusts, GP Practices, Mental Health Trusts, as well as NHS England, Government departments and Local Authorities.

What is a privacy notice?

Data Protection Legislation requires that organisations provide certain information to people whose information (personal data) they hold and use. A privacy notice is one way of providing this information.

A privacy notice should identify and explain the purposes for which personal data are collected and used, how the data are used and disclosed, how long the data are kept, and the Controller’s legal basis for processing.

Why we collect information about you

In carrying out our role and responsibilities as a

How we use your information

Please select the information that is relevant to you from the list below for full details on how your information is used.

NEL oversight and responsibility

NEL is supported by a number of key roles within the organisation, led by the Senior Information Risk Owner, who is accountable for information risk management within the organisation; the Caldicott Guardian, who advises on specific issues relating to the use of patient confidential data; and the Data Protection Officer, who provides advice and support on Data Protection compliance and monitoring obligations. These roles have oversight of the handling of information within NEL or by any support organisations we may buy services from.

  • The Senior Information Risk Officer or SIRO for NEL is Tony Weimer.
  • The Caldicott Guardian for NEL is Karen Keane.
  • The Data Protection Officer for NEL is Claire Edgeworth.

Relevant links to associated documents or organisations:

If you would like to find out more information on the wider health and care system approach to using personal information or other useful information, please click on the following links:

Information Governance Roles

The Senior Information Risk Officer (SIRO)

The SIRO is expected to understand how the strategic business goals of the organisation may be impacted by information risks and will report on these to the Information Governance Group and Board of the CSU, as appropriate.

The SIRO acts as an advocate for the appropriate management of information risks for the Governing Body and in internal discussions and will provide written advice to the Managing Director with regard to information risks.

The SIRO provides an essential role in ensuring that information risks are identified and that actions are taken to address them. They must also ensure that a framework for managing information incidents and risks is in place, used and understood. They will provide leadership and guidance to the organisation’s Information Asset Owners (IAO).

The Senior Information Risk Owner (SIRO) for NHS NEL CSU is the Director of Technology Services.

The Caldicott Guardian

All NHS organisations are required to appoint a Caldicott Guardian to ensure compliance with patient data confidentiality. NHS NEL CSU’s Caldicott Guardian is Karen Keane, who is responsible for protecting the confidentiality of patients’ and service-users’ information and enabling appropriate information-sharing.

The Caldicott Guardian plays a key role in ensuring that the NHS, Councils with Social Services responsibilities, and partner organisations satisfy the highest practical standards for handling patient identifiable information.

Acting as the ‘conscience’ of an organisation, the Guardian actively supports work to enable information sharing where it is appropriate to share and advises on options for lawful and ethical processing of information.

The Data Protection Officer (DPO)

The Data Protection Officer (DPO) is responsible for ensuring that the CSU and its constituent business areas remain compliant at all times with data protection legislation, Privacy & Electronic Communications Regulations, Freedom of Information Act and the Environmental Information Regulations (information rights legislation).

The DPO shall lead on the provision of expert advice to the organisation on all matters concerning the information rights law, compliance, best practice and setting and maintaining standards, and shall provide a central point of contact for the information rights legislation both internally and with external stakeholders (including the office of the Information Commissioner).

The DPO reports to the highest level of management within the organisation. This ensures the DPO can act independently and without a conflict of interest.