Data Flow Mapping

Organisation Name
Information Asset Owner
Information Asset Administrator
Version of IG Toolkit Created for
Date of DFM Completion

Executive Summary of Team's Risks

Number of Risk Assessment Reds 2
Number of Risk Assessment Amders 4
Number of Risk Assessment Yellows 5
Number of Risk Assessment Greens 2
All risk that are anything other than Green must
be Accepted or Mitigated by the IAO. This must
be represented in the Risk Assessment section
in each of Tabs 1-4.

Number of Red Number of Amber Number of Yellow Number of Green

Electronic 1 2 0 0
Paper 1 2 0 0
Other 0 0 0 0

Extract from ICO Preparing for GDPR

Information you hold
You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit across the organisation or within particular business
areas.

The GDPR requires you to maintain records of your processing activities.

It updates rights for a networked world. For example, if you have inaccurate personal data and have shared this with another organisation, you will have to tell the other organisation about the inaccuracy
so it can correct its own records. You won’t be able to do this unless you know what personal data you hold, where it came from and who you share it with. You should document this. Doing this will also
help you to comply with the GDPR’s accountability principle, which requires organisations to be able to show how they comply with the data protection principles, for example by having effective policies
and procedures in place.

ICO GDPR checklist for GDPR advises that organisations must:

● Conduct an information audit to map data flows.

● Document what personal data you hold, where it came from, who you share it with and what you do with it.
● Identify your lawful bases for processing and document them.

ICO Data Definitions under GDPR:

Personal data

Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and
the way organisations collect information about people.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual
records containing personal data.
Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

Sensitive personal data

The GDPR refers to sensitive personal data as “special categories of personal data” and includes any information consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or
trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.

Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.
Data Flow Mapping NHS South, Central and West CSU
Risk
Who What Where When How Risk Assesment Purpose and Legal Basis of Data Flow
Treatment/Mitigation

(For Risks that are

Where is the data
Number of How is the Considering your If you have identified scored anything other
stored before it is sent How is the data How is access Frequency of the Method used for What would be What is the
Direction of flow Media Comments records per information Is information previous answers; a risk, please write a than Green, state and
Who sends the information Recipient Data item Content Type or after it has been store secured? evidenced? transfer per week transfer the IMPACT of the LIKELIHOOD of Risk
Ref no. (This is a drop-down (This is a drop- (This is a free transfer protected? Comment processed outside have you identified a brief description and justify how you and your Purpose Current Legal Basis Legal Basis under GDPR
(This is a free text box) (This is a drop down menu) (This is a free text box) (This is a drop-down menu) received? (This is a drop- (This is a drop- (This is a drop- (This is a drop-down risk occuring this risk Score
menu) down menu) text box) (This is a drop- (This is a drop- the UK? risk with the data complete risk IAO wish to either
(This is a drop-down down menu) down menu) down menu) menu) occuring?
down menu) down menu) flow? assessment -----> Accept or Mitigate the
menu)
risk)

Out-flow

patient health & care Email from NHSmail

Smartcard and Provision of health or
General Practice Out-flow Care home information (e.g. Sensitive personal data Electronic Clinical system System Audit Less than 6 6 to 20 to non-NHSmail (e.g Encrypted Within UK only No 0 Direct Patient Care Direct Patient Care
password protected social care
medication details) NHS Trust)

patient health & care Not applicable - Mitigate - staff trained,

Records could get Provision of health or
General Practice Out-flow Care home information (e.g. Sensitive personal data Paper Filing cabinet Key Key allocation Less than 6 6 to 20 Manual - staff must add Within UK only Yes 3 3 9 secure information Direct Patient Care Direct Patient Care
misplaced in transit social care
medication details) comment handling protocol

Safeguarding Smartcard and Email from NHSmail

General Practice Out-flow CCG Sensitive personal data Electronic Clinical system System Audit Less than 6 Less than 6 NHSmail Within UK only No 0 Safeguarding Other - please specify Required by law
communication password protected to NHSmail

Password protected
Computer/network Email from NHSmail Management of health or
General Practice Out-flow CCG Individual Funding Request Sensitive personal data Electronic network System Audit Less than 6 6 to 20 NHSmail Within UK only No IFR validation Section 251
System Shared Drive to NHSmail social care system
drive/system

Password protected
Computer/network Email from NHSmail Management of health or
General Practice Out-flow CCG Invoice validation Sensitive personal data Electronic network System Audit Less than 6 6 to 20 NHSmail Within UK only No Invoice validation Section 251
System Shared Drive to NHSmail social care system
drive/system

patient may be Accept - Data

Patient information for risk Smartcard and Automated system to Management of health or
General Practice Out-flow CCG Sensitive personal data Electronic Clinical system System Audit 1001 plus Less than 6 Encrypted Within UK only Yes identifiable if low 2 2 4 anoymised, low number Risk Stratification Section 251
stratification password protected system transfer social care system
numbers suppression applied

Child & Addolescent Mental Smartcard and Email from NHSmail Provision of health or
General Practice Out-flow Case Notes Sensitive personal data Electronic Clinical system System Audit Less than 6 Less than 6 NHSmail Within UK only No 0 Direct Patient Care Direct Patient Care
Health Service (CAMHS) password protected to NHSmail social care

Community Professionals Email from NHSmail

Smartcard and Provision of health or
General Practice Out-flow (e.g social workers, district Case Notes Sensitive personal data Electronic Clinical system System Audit Less than 6 21 to 100 to non-NHSmail (e.g Encrypted Within UK only No 0 Direct Patient Care Direct Patient Care
password protected social care
nurses) NHS Trust)

Smartcard and Post special or

General Practice Out-flow Coroner Full medical record Sensitive personal data Electronic Clinical system System Audit Less than 6 Less than 6 Special delivery Within UK only No 0 Death investigation Public Interest Required by law
password protected registered Royal Mail

General Practice Out-flow Coroner Full medical record Sensitive personal data Paper Filing cabinet Key Key allocation Less than 6 Less than 6 Manual - staff Sealed package Within UK only No 0 Death investigation Public Interest Required by law

Email from NHSmail Task in the public interest

psuedonymised patient Smartcard and
General Practice Out-flow CQC Sensitive personal data Electronic Clinical system System Audit 6 to 20 Less than 6 to non-NHSmail (e.g Encrypted Within UK only Yes Onward use unknown 4 3 12 Accept Regulatory activity Other - please specify or exercise of official
information for CQC visit password protected
NHS Trust) authority

Task in the public interest

psuedonymised patient Smartcard and
General Practice Out-flow CQC Sensitive personal data Paper Clinical system System Audit 6 to 20 Less than 6 Manual - staff Sealed package Within UK only Yes Onward use unknown 4 3 12 Accept Regulatory activity Other - please specify or exercise of official
information for CQC visit password protected
authority
Task in the public interest
Post ordinary Royal
General Practice Out-flow DBS check process DBS form Personal data Paper Filing cabinet Key Key allocation Less than 6 Less than 6 Sealed package Within UK only No 0 Regulatory activity Public Interest or exercise of official
Mail
authority
Task in the public interest
Smartcard and Post special or
General Practice Out-flow DWP Patient information Sensitive personal data Electronic Clinical system System Audit Less than 6 Less than 6 Special delivery Within UK only No 0 Regulatory activity Public Interest or exercise of official
password protected registered Royal Mail
authority
Secure File Transfer
External mailing provider (e.g Smartcard and NHS Secure file Management of health or
General Practice Out-flow patient details Sensitive personal data Clinical system System Audit 101 to 1000 Less than 6 Protocol (for Bulk Within UK only No 0 Records management Direct Patient Care
Docmail) password protected transfer protocol social care system
transfer)

Smartcard and Automated system to NHS Secure file Management of health or

General Practice Out-flow General Practice Electronic patient record Sensitive personal data Electronic Clinical system System Audit Less than 6 Less than 6 GP2GP Within UK only No 0 GP2GP Direct Patient Care
password protected system transfer transfer protocol social care system

Email from NHSmail

Smartcard and
General Practice Out-flow Insurance company medical report Sensitive personal data Electronic Clinical system System Audit Less than 6 6 to 20 to non-NHSmail (e.g Encrypted Within UK only No 0 Medical report request Consent Consent
password protected
NHS Trust)

Password protected Email from NHSmail Task in the public interest

Computer/network
General Practice Out-flow Medical Defence (e.g MDU) GPs personal data Sensitive personal data Electronic network System Audit Less than 6 Less than 6 to non-NHSmail (e.g Encrypted Within UK only No 0 Regulatory activity Public Interest or exercise of official
System Shared Drive
drive/system NHS Trust) authority

Accept - meeting
Multi Disiplinary Team across patient data to support non Smartcard and Email from NHSmail Patient may be known attendees are subject to
General Practice Out-flow Sensitive personal data Electronic Clinical system System Audit Less than 6 6 to 20 NHSmail Within UK only Yes 4 3 12 Patient care Consent Consent
health and social services clinical needs password protected to NHSmail to meeting attendee their organsations' code
of confidentiality
Accept - meeting
Multi Disiplinary Team across patient data to support non Smartcard and Patient may be known attendees are subject to
General Practice Out-flow Sensitive personal data Paper Clinical system System Audit Less than 6 6 to 20 Skype Encrypted Within UK only Yes 4 3 12 safeguarding Consent Consent
health and social services clinical needs password protected to meeting attendee their organsations' code
of condifentiality
Practice is
unknown what
patient data for clinical Smartcard and Automated system to NHS Secure file required to Management of health or
General Practice Out-flow NHS Digital Sensitive personal data Electronic Clinical system System Audit 1001 plus 21 to 100 Within UK only Yes happens with 5 3 15 Accept safeguarding Consent
audit password protected system transfer transfer protocol allow social care system
extracted data
extraction
Records may get
Locked storage Management of health or
General Practice Out-flow Offsite records storage Patient Records Sensitive personal data Paper Filing cabinet Key Key allocation 1001 plus Less than 6 Manual - staff Within UK only Yes misplaced in 3 3 9 Mitigate - risk assess Records management Other - please specify
container social care system
transit/storage

Secure shared out of hours staff may

Smartcard and Mitigate - privacy alert Medical diagnosis and
General Practice Out-flow Out of hours services Patient record Sensitive personal data Electronic Clinical system System Audit 21 to 100 21 to 100 access (e.g Encrypted Within UK only Yes access record without 3 3 9 Direct Patient Care Direct Patient Care
password protected follow up treatment
Connected Care) justification/consent

Health communication e.g. Patient has not

Smartcard and Provision of health or
General Practice Out-flow Patient appointment confirmation, Sensitive personal data Other Clinical system System Audit 101 to 1000 Less than 6 Text message Encrypted Within UK only Yes provided updated 3 3 9 Mitigate - text protocol Patient communnicaiton Consent
password protected social care
flu reminder moblile number

Patient * Could be major

consent to communication not depending on sensitivity
Non patient specific Email from NHSmail
Password protected email non sent bcc - patients of data or profile of Provision of health or
General Practice Out-flow Patients communication e.g. Sensitive personal data Electronic Clinical system System Audit 1001 plus Less than 6 to non-NHSmail (e.g None Within UK only Yes 3 3 9 Patient communnicaiton Consent
files confidential identified by email patient. social care
Newsletter, flu reminder NHS Trust)
info - must be address* Accept- staff trained,
sent bcc email protocol in place

Password protected Email from NHSmail

Computer/network Management of health or
General Practice Out-flow Payroll provider Staff financial details Sensitive personal data Electronic network System Audit 21 to 100 Less than 6 to non-NHSmail (e.g Encrypted Within UK only No 0 Payroll activity Consent
System Shared Drive social care system
drive/system NHS Trust)

Manual - secure records get lost during Accept - national issue, Management of health or
General Practice Out-flow PCSE patient records Sensitive personal data Paper Filing cabinet Key Key allocation 101 to 1000 Less than 6 Sealed package Within UK only Yes 4 4 16 Records management Direct Patient Care
courier transit added to risk register social care system

Password protected Email from NHSmail

Computer/network Management of health or
General Practice Out-flow Pension provider Staff financial details Sensitive personal data Paper network System Audit Less than 6 Less than 6 to non-NHSmail (e.g Encrypted Within UK only No 0 Payroll activity Consent
System Shared Drive social care system
drive/system NHS Trust)

Smartcard and Post special or Prescription Management of health or

General Practice Out-flow Prescription Pricing Agency Patient information Sensitive personal data Electronic System integrated System Audit 21 to 100 Less than 6 Special delivery Within UK only No 0 Other - please specify
password protected registered Royal Mail management social care system

Task in the public interest

Response to professional Password protected Email from NHSmail
General Practice Out-flow RCGP Sensitive personal data Electronic Computer hard drive System Audit Less than 6 Less than 6 Encrypted Within UK only No 0 GP regulator Public Interest or exercise of official
conduct review files to NHSmail
authority
patient may be
Patient information for risk Smartcard and Automated system to Accept - Low number Management of health or
General Practice Out-flow SCW Sensitive personal data Electronic Clinical system System Audit 1001 plus Less than 6 Encrypted Within UK only Yes identifiable if low 2 2 4 Risk Stratification Section 251
stratification password protected system transfer suppression applied social care system
numbers

Email from NHSmail

Smartcard and NHS Secure file Provision of health or
General Practice Out-flow SCW Child health data Sensitive personal data Electronic Clinical system System Audit 6 to 20 Less than 6 to non-NHSmail (e.g Within UK only No 0 Direct Patient Care Direct patient care
password protected transfer protocol social care
NHS Trust)

Smartcard and Automated system to Medical diagnosis and

General Practice Out-flow Secondary care Referral Sensitive personal data Electronic Clinical system System Audit 101 to 1000 101 to 1000 Encrypted Within UK only No 0 Direct Patient Care Direct Patient Care
password protected system transfer treatment

Smartcard and Email from NHSmail Medical diagnosis and

General Practice Out-flow Secondary care Referral Sensitive personal data Paper Clinical system System Audit Less than 6 21 to 100 Encrypted Within UK only No 0 Direct Patient Care Direct Patient Care
password protected to NHSmail treatment

Page 2 01/31/2021
Data Flow Mapping NHS South, Central and West CSU
Smartcard and Email from NHSmail Mitigate - safe fax Medical diagnosis and
General Practice Out-flow Secondary care Referral Sensitive personal data Electronic System integrated System Audit Less than 6 6 to 20 None Within UK only No 0 Direct Patient Care Direct Patient Care
password protected to NHSmail procedure, staff trained treatment

Email from NHSmail

Solicitors and other third Smartcard and Management of health or
General Practice Out-flow Patient information Sensitive personal data Electronic Clinical system System Audit Less than 6 6 to 20 to non-NHSmail (e.g Encrypted Within UK only No 0 Subject Access Request Direct Patient Care
parties (e.g. police) password protected social care system
NHS Trust)

In-flow

Smartcard and Email from non- Management of health or

Care home In-flow General Practice Death Notification Sensitive personal data Other Clinical system System Audit Less than 6 Less than 6 Encrypted Within UK only 0 Records management Direct Patient Care
password protected NHSmail to NHSmail social care system

Password protected
Individual Funding Request Computer/network Email from NHSmail Management of health or
CCG In-flow General Practice Sensitive personal data Electronic network System Audit Less than 6 6 to 20 NHSmail Within UK only 0 IFR validation Consent
response System Shared Drive to NHSmail social care system
drive/system
Password protected
Computer/network Email from NHSmail Management of health or
CCG In-flow General Practice Invoice validation response Sensitive personal data Electronic network System Audit Less than 6 6 to 20 NHSmail Within UK only 0 Invoice validation Consent
System Shared Drive to NHSmail social care system
drive/system
Password protected
Safeguarding Computer/network Email from NHSmail
CCG In-flow General Practice Sensitive personal data Electronic network System Audit Less than 6 Less than 6 NHSmail Within UK only 0 Safeguarding Consent Required by law
communication System Shared Drive to NHSmail
drive/system
Password protected
Child & Addolescent Mental Computer/network Email from NHSmail Provision of health or
In-flow General Practice Case notes Sensitive personal data Electronic network System Audit Less than 6 Less than 6 NHSmail Within UK only 0 Safeguarding Direct Patient Care
Health Service (CAMHS) System Shared Drive to NHSmail social care
drive/system
Password protected
Community Professionals (e.g Case Notes, social service Computer/network Post special or Provision of health or
In-flow General Practice Sensitive personal data Paper network System Audit Less than 6 21 to 100 Special delivery Within UK only 0 Safeguarding Direct Patient Care
social workers, district nurses) record System Shared Drive registered Royal Mail social care
drive/system

Community Professionals (e.g Case Notes, social service Smartcard and Email from non- Provision of health or
In-flow General Practice Sensitive personal data Electronic System integrated System Audit Less than 6 21 to 100 Encrypted Within UK only 0 Safeguarding Direct Patient Care
social workers, district nurses) record password protected NHSmail to NHSmail social care

Coroners Report, Post Smartcard and Email from non-

Coroner In-flow General Practice Sensitive personal data Electronic System integrated System Audit Less than 6 Less than 6 Encrypted Within UK only 0 Death investigation Public Interest Required by law
Mortem password protected NHSmail to NHSmail

Task in the public interest

Driving licence Smartcard and Post ordinary Royal
DVLA In-flow General Practice Sensitive personal data Paper System integrated System Audit Less than 6 Less than 6 Sealed package Within UK only 0 Regulatory activity Public Interest or exercise of official
communication password protected Mail
authority
Staff records (e.g
Task in the public interest
employment contracts, Manual - data subject
Employees In-flow General Practice Sensitive personal data Paper Filing cabinet Key Key allocation Less than 6 Less than 6 Sealed package Within UK only 0 HR Other - please specify or exercise of official
disciplinary proceedings or representative
authority
etc)
pre-employment health Computer/network Password protected Post ordinary Royal Provision of health or
Employers In-flow General Practice Sensitive personal data Paper System Audit Less than 6 Less than 6 Sealed package Within UK only 0 HR Other - please specify
screening System Shared Drive files Mail social care
External agencies (e.g. NHS Patient letters, discharge
Smartcard and Automated system to NHS Secure file Provision of health or
Hospitals, A&E, Private In-flow General Practice notice, Clinic letters, Sensitive personal data Electronic System integrated System Audit Less than 6 21 to 100 Within UK only 0 Records management Direct Patient Care
password protected system transfer transfer protocol social care
hospitals, SCAS) patient assessment etc
External agencies (e.g. NHS
Patient letters, discharge Fax transmission - NHS Secure file Provision of health or
Hospitals, A&E, Private In-flow General Practice Sensitive personal data Paper Filing cabinet Key Key allocation Less than 6 21 to 100 Within UK only 0 Records management Direct Patient Care
notice, Clinic letters etc secure fax transfer protocol social care
hospitals, SCAS)
Computer/network Password protected Automated system to
Insurance Companies In-flow General Practice Medical report request Sensitive personal data Electronic System Audit Less than 6 6 to 20 Encrypted iGPR Within UK only 0 Medical report Consent Consent
System Shared Drive files system transfer

Smartcard and Manual - data subject Provision of health or

Patient In-flow General Practice Registration form Sensitive personal data Paper Clinical system System Audit Less than 6 Less than 6 Sealed package Within UK only 0 New patient registration Consent
password protected or representative social care

Smartcard and Post ordinary Royal Management of health or

Patient/carer In-flow General Practice Complaint letter Sensitive personal data Paper Clinical system System Audit Less than 6 Less than 6 Sealed package Within UK only 0 Service complaint Consent
password protected Mail social care system

Telephone
Smartcard and Manual - data subject Management of health or
Patient/carer In-flow General Practice Death Notification Sensitive personal data Other Clinical system System Audit Less than 6 Less than 6 acknowledgeme Within UK only 0 Records management Consent
password protected or representative social care system
nt

Smartcard and Email from non-

Patient In-flow General Practice SAR Sensitive personal data Electronic Clinical system System Audit Less than 6 6 to 20 None Within UK only 0 SAR Consent Consent
password protected NHSmail to NHSmail

Telephone
Repeat prescription Smartcard and Medical diagnosis and
Patient In-flow General Practice Sensitive personal data Electronic System integrated System Audit Less than 6 21 to 100 Other acknowledgeme Within UK only 0 Direct patient care Consent
request password protected treatment
nt

Smartcard and Email from NHSmail Medical diagnosis and

Pharmacy In-flow General Practice Prescription query Sensitive personal data Other Clinical system System Audit Less than 6 Less than 6 NHSmail Within UK only 0 Prescription query Direct Patient Care
password protected to NHSmail treatment

Password protected Task in the public interest

Computer/network Email from non-
School In-flow General Practice school records Sensitive personal data Electronic network System Audit Less than 6 101 to 1000 Encrypted Within UK only 0 Regulatory activity Other - please specify or exercise of official
System Shared Drive NHSmail to NHSmail
drive/system authority
Password protected
Solicitors and third parties (e.g. Computer/network Email from non-
In-flow General Practice SAR Sensitive personal data Electronic network System Audit Less than 6 6 to 20 None Within UK only 0 SAR Consent Consent
police) System Shared Drive NHSmail to NHSmail
drive/system

Page 3 01/31/2021