Skip to main content

You are here:

GDPR and the National Patient Experience Survey Programme

What is GDPR?

GDPR (General Data Protection Regulation) 2018 is the most important change in data privacy regulation in 20 years. After four years of preparation and debate,  the European Union (EU) Parliament approved the regulation on 14 April 2016. By 25 May 2018, all organisations that process the data of EU residents must be in compliance with GDPR.

The regulation replaces Irish data protection legislation (Data Protections Acts 1988/2003) and harmonises data privacy laws across Europe. It is designed to protect and empower all EU citizens’ and residents’ data privacy. It also reshapes the way organisations across the region approach data privacy.


How does the National Patient Experience Survey Programme comply with GDPR?

To carry out the survey, the National Patient Experience Survey Programme processes the contact details of patients, eligible to participate in patient experience surveys. This is necessary to ensure that all eligible participants receive the survey and have the opportunity to tell us about their experience.

We inform every patient on discharge that they will be asked to participate in a survey and provide five different ways for participants to opt out of a survey. We also conduct national media campaigns to make sure that everyone is aware when a survey is taking place.

The aim of the National Patient Experience Survey Programme is to collect patients’ feedback on their experience of hospital care in Ireland. This information will be used to inform quality improvements across the healthcare system. The National Patient Experience Survey Programme therefore complies with Article 6 1(e) of GDPR as it is carried out in the public interest.

To ensure that the privacy rights of potential participants are respected, we have

  • put a Data Sharing Agreement in place with each participating hospital
  • attained Ethical Approval
  • conducted a Privacy Impact Assessment (PIA) to identify and mitigate any risks to participants’ privacy rights. This was completed in 2017 and revised in 2018.


Where can I find out more?

For more information on how participants’ information is processed and how data citizens’ privacy rights are respected, see here.

For more information on GDPR, please go to here.