This website places cookies on your device to help us improve our service to you. To find out more, see our Privacy and Cookies statement.

Data Protection

Data protection protects people's rights in relation to how their personal information is used. The Data Protection Act 1998 is the UK law which sets out the requirements of data protection.

NHS National Services Scotland takes its duties under the Data Protection Act seriously, and in a number of ways. Some of these are listed below:

How we use personal information

The NHSScotland factsheet ‘Confidentiality: how the NHS protects your personal health information gives general information on how NHSScotland uses, shares and protects personal information. 

We have also developed our own 8-page leaflet which has a summary of how we use personal information across NSS. Some of our services also publish more detailed information about this on their web pages. 

NSS entry in the Information Commissioner's Register of Data Controllers

To comply with the law, NSS has registered with the Information Commissioner's office. Our register entry can be viewed at the Information Commissioner website. Search using 'NHS National Services Scotland' in the 'Name' field.

Access to Your Personal Information

You can find out if we hold any personal information about you by making a 'subject access request' under the Data Protection Act 1998.

If you would like to do this please complete our 'Subject Access Request form' which also asks for proof of identity.  Once we have received your completed form (including identity details and documents), we must respond to you within 40 days.

Please note that we can only handle subject access requests for information held in NHS National Services Scotland.  Subject access requests for personal information held in other NHS organisations must be made directly to those other NHS organisations.’ 

National Fraud Initiative

Together with other Scottish public sector organisations, we are required to participate in the National Fraud Initiative. As part of this, we provide staff payroll information for data matching. Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body. Further information about the National Fraud Initiative is available from Audit Scotland.

Reporting Concerns

Our Privacy Advisor is responsible for advising on and monitoring data protection practice on how we use personal information across the organisation.

If you have a concern about how we are handling personal information you can report your concern to them.

In writing:

NSS Privacy Advisor
Gyle Square
1 South Gyle Crescent
EH12 9EB.

By e-mail:

Once we have responded to your concern, if you are still unhappy you are entitled to report it to the Information Commissioner. Full details on how to do this are on the Information Commissionerís website at

Caldicott Guardian

Our Caldicott Guardian leads NSS in protecting the confidentiality of patient information. The Caldicott Guardian is responsible for advising on, agreeing and reviewing protocols governing the protection, use and disclosure of information about, or that identifies, patients. You can e-mail queries about patient confidentiality in NSS to our Caldicott mailbox at

Useful Links

explore NHS National Services Scotland