Data Processing
ICO Definition of ‘Processing’.
In relation to personal data, means any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction).
Security of proposal
- Safe Havens
NHS Scotland prefers data to be processed in an accredited Safe Haven. Need to justify why not using one.
Section 5. Safe Data Processing and Security
This section relates to the IT security concerning access, transfer and storage. If you are using an approved Safe Haven some sub sections do not need to be completed and standard answers are available for others. If data is to be returned to you then you will need to complete all of Section 5. Contact your IT department for assistance with supplying relevant policies and cite appropriate sections of each as supporting documents.
Applications requiring NHSCR data should copy and paste the relevant information from each policy. If you think your study will require NHSCR involvement please mention this during the triage process. These applications will require a section 5 IT security review by NRS before submission to PBPP.
Things to consider:
- How secure is the data collection process?
- How secure is the transfer of data?
- How secure is the data during analysis?
- How secure is the stored data?
Links to the other sections
Section 1: People Involved
Section 2: Organisations & Bodies
Section 3: Overview
Section 4: Data, Data Subjects and Methodology
Section 6: Outputs and Dissemination
Section 7: Declaration
Here is an example of a completed HSC-PBPP Application using fictional data.
Back to How to Apply
Contact PHS eDRIS Team phs.edris@phs.scot
Full details of how we use your information, and how we maintain your right to privacy, can be found on the Public Health Scotland Privacy and Cookies page.