Privacy Policy

NHS Electronic Staff Record (ESR) privacy notice

The NHS Business Services Authority (NHSBSA) manages the contract and service delivery of the Electronic Staff Record (ESR). Your employing organisation is responsible for maintaining any personal data collected from you, or about you and used in ESR. The NHSBSA and their employees are responsible as joint controllers for processing your data. We will respect the information we hold about you by ensuring it has appropriate safeguards in place to protect it.

Why we process your information

We'll use your information to administer and maintain your employee record, and for payroll and workforce purposes.

Sharing your personal information

We may share your information with:

• NHS Pensions - to administer and pay pension benefits,
• HM Revenue and Customs - for benefits and tax administration,
• BACS - to make payments to employees,
• The Cabinet Office - to prevent and detect fraud,
• The Department of Health and Social Care : Advisory Committee on Clinical Excellence Awards (ACCEA) - to manage and monitor the payment of Clinical Excellence Awards,
• Disclosure and Barring Service (DBS) - to safeguard vulnerable groups,
• Local Education Training Boards (LETBs) - to manage Doctors in Training,
• NHS Digital and the Care Identity Service (CIS) - to update employee records in the Care Identity Service,
• local systems running at your employing organisation or their service providers - to secure the effective and efficient delivery of NHS and related services,
• other NHS employing organisations who use ESR that you may apply to work for - to transfer your employment record to your new employing organisation .

Any personal data that we share for the purposes listed above is encrypted while being transferred.

Keeping your personal information

Your employing organisation can view your data during, and after, your employment with them.

We'll delete or anonymise your personal data when your employer authorises this.

We'll keep your information secure, accurate and up to date. We will only keep it for as long as we need it for the purposes it was provided, and the use it was intended.

Your personal data will not be processed, held or transferred outside of the European Economic Area.

Your rights

The personal data you provide will be managed as required by Data Protection law.

You have the right to request:

• a copy of the personal data ESR holds about you from your employer,
• your employer changes any personal data you believe is not correct at the time you provided it.

From 25 May 2018, you have the right to request your employer to delete your personal data if you believe they are keeping it for longer than necessary.

The NHS Electronic Staff Record Programme is delivered in partnership with IBM UK Ltd.

© NHS Electronic Staff Record 2018