Data Processing  

ICO Definition of ‘Processing’.

In relation to personal data, means any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction).

Security of proposal

• Safe Havens

NHS Scotland prefers data to be processed in an accredited Safe Haven. Need to justify why not using one.

Section 5. Safe Data Processing and Security

This section relates to the IT security concerning access, transfer and storage. If you are using an approved Safe Haven some sub sections do not need to be completed and standard answers are available for others. If data is to be returned to you then you will need to complete all of Section 5. Contact your IT department for assistance with supplying relevant policies and cite appropriate sections of each as supporting documents.

Applications requiring NHSCR data should copy and paste the relevant information from each policy. If you think your study will require NHSCR involvement please mention this during the triage process.  These applications will require a section 5 IT security review by NRS before submission to PBPP.

Things to consider:

• How secure is the data collection process?
• How secure is the transfer of data?
• How secure is the data during analysis?
• How secure is the stored data?

Links to the other sections

Section 1: People Involved

Section 2: Organisations & Bodies

Section 3: Overview

Section 4: Data, Data Subjects and Methodology 

Section 6: Outputs and Dissemination 

Section 7: Declaration

Here is an example of a completed HSC-PBPP Application using fictional data.

Back to How to Apply

Contact PHS eDRIS Team phs.edris@phs.scot

Full details of how we use your information, and how we maintain your right to privacy, can be found on the Public Health Scotland Privacy and Cookies page.