Business continuity management system (BCMS) Portal: GDPR information

Summary

Why and how we process your data in the Business continuity management system (BCMS) Portal, and your rights.

Controller	NHS Digital
How we use the information (processing activities)	Collecting and storing personal data means that the right people can be contacted in the event of an incident which may require a business continuity plan to be used. It is also used to record training and competency in the Business Continuity Management System (BCMS).
Does this contain sensitive (special category) data such as health information?	No
Who are recipients of this data?	None
Is data transferred outside the UK?	No
How long the data is kept	2 years minimum after no longer required
Our lawful basis for holding this data	Public task
Your rights	Be informed Get access to it Rectify or change it Erase or remove it Restrict or stop processing it Move, copy or transfer it Object to it being processed or used Know if a decision was made by a computer rather than a person
How can you withdraw your consent?	Consent not the basis for processing
Is the data subject to decisions made solely by computers? (automated decision making)	No
Where does this data come from?	Application - Microsoft Delve
The legal basis for collecting this data	Public task and Health and Social Care Act (2012) – Schedule 18, part 10 (1)