Keeping your data safe

We follow best practices to keep your information secure and confidential


We follow the data security standards set down by NHS Digital

Each year the IBD Registry completes NHS Digital’s Data Security and Protection Toolkit. This enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care.

We are formally assessed by NHS Digital on these data security standards every year.

You can see our assessment results at NHS Digital (our number is 8JX66).


We set out clear rules and procedures on how we handle information

We have an overarching Information Governance Framework, under which there is a set of policies which includes data security, data protection and confidentiality

We also have careful policies to govern in what circumstances we can share data, who we can share data with, and what types of data can be shared. 

There is an annual review of our data security and protection procedures that reinforce these policies to ensure the Registry runs smoothly and securely.


We follow best technical practice in how we handle information

We keep data in a secure data centre – also used by some NHS organisations – it is both physically secure against intruders, and electronically secure against hackers.  It is completely separate from our office IT systems, so that if (in the worst case) we suffer an intrusion, there is no connecting route to your data.

We are very careful about which staff members can access what types of data. Staff will only see your personal details if their job role requires it

We train our staff carefully, so they know what they need to do to keep information safe. We update their training and assess them every year.

We conduct our analysis on a de-identified form of your data (where your personal identifying details have been removed)


We design data protection in from the start

We undertake Data Protection Impact Assessments (DPIAs) to ensure we build in data protection from the very start of any new project or significant changes.


IBD Registry Ltd is a not-for-profit company limited by guarantee - Company Number 11197749.