Commissioning Privacy Notice and Policy

The purpose of this notice is to inform you about the type of information (including personal information) that NHS Northamptonshire Clinical Commissioning Group (CCG) holds to perform its commissioning activities, how that information is used, who we share it with and how we keep it secure and confidential.

The European Union Data Protection Regulation (GDPR) and the new UK Data Protection Act 2018 (DPA) have increased the rights that individuals have over their personal data.  These data laws require organisations such as NHS clinical commissioning groups (CCG), hospitals and GPs to give their staff and customers the:

  • Right to be informed on how their personal data is processed;
  • Right to access what information is held;
  • Right to rectification to correct inaccurate or complete information held;
  • Right to delete inappropriately held information;
  • Right to restrict processing of some personal data;
  • Right to data portability whereby certain data can be transferred tomanother organisation;
  • Right to object to have their information used for marketing or research purposes.

The Privacy Notices supplied clearly explain each of the commissioning activities in further detail and how each of the individual’s rights are supported by NHS Northamptonshire CCG.

The National Fraud Initiative

NHS Northamptonshire Clinical Commissioning Group  is required by law to protect the public funds it administers.  It may share Information provided to it with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud. 

The CCG participates in the Cabinet Office's National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud – see guidance .  The Cabinet Office is responsible for carrying out data matching exercises subject to a Code of Practice .

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. 

The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under data protection legislation or the General Data Protection Regulation (GDPR).  For further information on the reasons why it matches particular information, see

Last updated: 11/02/2022