Toggle site contrast Toggle Contract

Data Protection

Bedfordshire, Luton and Milton Keynes (BLMK) CCGs are working collaboratively with a view to becoming one BLMK CCG with effect from 1 April 2021. To enable collaborative working staff from BLMK CCGs will be accessing information held by each CCG.

Documented agreements have been put in place to support this way of working.   However, each CCG will remain separate data controllers until 31st March 2021.  With effect from 1 April 2021 BLMK CCG will be in place and the new CCG will become the new data controller.

If you have any questions about this please email [email protected]

For further information about how BLMK CCGs process information, please view our Fair Processing Notices below.

Data Protection (Information Governance)

We are committed to ensuring the personal information we hold is processed in line with data protection regulations, legislations and national guidance including, but not limited to, the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

We measure our compliance using the NHS Digital Data Security and Protection Toolkit. A self-assessment on line tool for which we provide evidence of our compliance.

We have policies and procedures in place which our staff (including, agency, temporary and volunteers) have a legal obligation to comply with. All staff are also required to complete annual mandatory Data Protection & Security training.


To view our policies please click on the relevant CCG (these policies are in the process of being amalgamated in preparation for the new one BLMK CCG on 1st April 2021):

Beds Policies

Luton Policies

MK Policies 

Data Protection Impact Assessments

As required by GDPR we conduct DPIAs, which help us to identify any risks which may occur from the implementation of new IT systems and processing of personal information. To view a list of DPIAs recently undertaken, please click here.

Information Sharing

All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

As a partner of the BLMK Integrated Care System (BLMK ICS

We are signed up to the overarching Information Sharing Agreement (ISA) to support the sharing of patient & service user information for the purpose of direct care.

Later this year this agreement will be replaced with the My Care Record agreement. For information about My Care Record, how it will benefit you and your options/rights, please visit

Subject Access & Access to Health Records Requests

GDPR gives you (or your authorised representative e.g. somebody who has Power of Attorney to deal with your affairs) the right to request and be provided with a copy of the information we hold about you. This is known as ‘the right of access’, also more commonly known as a Subject Access Request (SAR).

Some individuals may also have the right (under the Access to Health Records (Deceased) Act), to request and be provided with information we hold about a deceased individual. However, strict exemptions do apply.

To submit a request please print and complete the form below and send it to us as instructed in the form. Following receipt of your form we will do all we can to provide you with the requested information within 30 calendar days.

Subject Access & Access to Health Records Request form

If you are unable to print the form, please email our IG Department who will be happy to assist you [email protected]

Fair Processing Notice

Our Fair Processing Notice (sometimes referred to as a Privacy Notice) provides details about the information we collect and hold, what we do with it, how we look after it, who we might share it with and your rights.

It covers information we collect directly from you or receive from other individuals or organisations and which organisations process it on our behalf.

To view our Fair Processing Notices please click on the relevant CCG (these notices will be reviewed and amalgamated in preparation for the new one BLMK CCG on 1st April 2021):

Beds Fair Processing Notice

Luton Fair Processing Notice

MK Fair Processing Notice