Skip to main content

BLOG: GPDPR (GP Data Sharing) session 28

Stuart Lowe, Data Projects, Open Innovations

Chaired by Beautiful Information and ODI Leeds

On Thursday 8 July 2021 and as part of our #OpenDataSavesLives 2021 event series, we featured a town hall style debate around the hot topic of #GPDPR (sharing of general practice data for planning and research).

During the event, we asked the  #OpenDataSavesLives community to submit their response comments and questions on NHS Digital’s GPDPR strategy.

What is GPDPR?

GPDPR - or sharing of general practice data for planning and research -  is a new method of data sharing coming from NHS Digital. First announced by the health secretary Matt Hancock, in April this year, it was due to go ‘live’ on 1 July 2021. However, the plans were met with controversy and requests for clarification - reflected in the discussion at this Open Data Saves Lives event. The new launch date for GPDPR has now been pushed back to September this year.

We convened four speakers to give short lightning-talk style presentations on their key take aways on the GPDPR strategy and stimulate live debate:

First off, Dr Marcus Baw (Chair RCGP Health Informatics Group, Freelance Software Developer, Locum General Practitioner) spoke about how lots of good comes from data sharing, but complexities arise from working as a GP where patients are sharing sensitive information which they may not willingly share with others. Because of this, said Marcus, being a GP comes with special responsibilities.

Crucially, Marcus highlighted that GPDPR is about gathering data and making it usable for researchers and planning of NHS services and NOT for any form of direct care. However, the way that data is provided to GPs is based on it being used for patient direct care and this raises concerns among health professionals. For instance, under GPDPR individuals could probably still be identified - even from very large data sets - because of the way data is collected and shared. Marcus explained that while he and other medics are really supportive of using data for secondary purposes, this needs to be done under the caveat that we should never forget where the data originated from, and why it’s with us.

Following Marcus, Tina Woods spoke about how building trust is critical in delivering on the promise of the 'Data Saves Lives' strategy, showing examples of how and why the public need to be engaged.  Tina said “Putting public trust at the centre of the strategy” is what we need to address within the GPDPR debate right now.”

One of the big issues Tina highlighted is communicating to the public about what the definition of open data actually is - since there are lots of different definitions and ideas around this which can be confusing and mean data strategies lack clarity.

Tina also suggested thinking about the role of businesses in data and data sharing as a necessary part of an open data strategy. The determinants of obesity is a good example of this. Looking at a data exchange using supermarket basket data and epigenetic profiling to identify those who are eating the most unhealthy diets and who are, therefore, the most vulnerable, can help inform nudge strategies.

Tina said “The key is in better facilitation of data sharing across the ecosystem to provide social good. The issue of public trust is fundamental though, because without that, we’ve got nothing.”

Next, Dr Osman Bhatti, GP in East London, highlighted again the issue of public trust. Patients providing their GPs with sensitive information is based on a relationship of trust and anything that breaks this trust will be detrimental to the patient:doctor relationship and society as a whole.

Osman said as GPs, we always share data when there is an issue of direct care - for instance when a patient is transferred to the hospital. There are no concerns about data sharing in that context. The problem is that NHS Digital is not upholding confidentiality and is setting in place a new strategy with no time for consultation from the public.

Osman explained  that if we take a look at the history of what’s happened with data, we've got organisations such as Cambridge Analytica and the implications for how openness and transparency with data protection is developed, and we all know the implications of identifiable data.

So whilst we're (GP’s) not concerned about GPDPR for planning and research, which is a good thing and already being done at the local level, the issue here is about the fact we are upholding security. This wouldn’t be such an issue if the strategy was opt-in but in this case the GPDPR strategy is opt-out.

Finally, Phil Booth from medConfidential gave his perspective on the GPDPR strategy, summarising that the critical point is ensuring that every use of patients’ data is consensual, safe and transparent. Whilst there is no conflict between good research, good ethics and good medical care, Phil stated that GPDPR is more about driving the NHSD strategy forward.

From Phil’s perspective, aggregate data can be used as open data but if open starts to try to redefine itself, so that it can include personal data and health data, we have a real problem.

As is always the case with our Open Data Saves Lives events, the speakers and topics encouraged a lively discussion from the 49 participants with lots of questions, discussion points and observations raised.

Summary of key discussion points (as written by attendees):

  • The discussion with the public is key, and not usually done well.
  • Open Approaches as well as Open Data is important - Sharing the Stories, Technical details as well as Data and Code. In many aspects sharing our work and working out loud can be as important as sharing the data.
  • It’s important to have an accurate threat model and understanding of the potential effect that a re-identification could have. It's an unusually serious assault on a person. It's not like a credit card data leak where you can cancel those cards and reimburse the defrauded. You can't get a new medical record if yours is leaked.
  • Different people have different amounts of risk from reuse of their personal data.
  • Navigating the media is so important.
  • If we provide the data on the basis of Benefit to Health and Care, then the putative 'google cure for cancer' MUST be open sourced and released in a similarly trusting and altruistic way. Or the deal's off.
  • We've always been in favour of legitimate, ethical research and planning uses
  • Most if not everyone I've spoken to about this agrees that planning and research are good things and support data reuse. We just want it done properly, safely, consensually.
  • How does the review of governance of data access mentioned in the life sciences vision (yesterday) fit in with currently set out oversight of GPDPR within NHSD?
  • Projects like OpenSAFELY gain trust from me because: 1) they took a very clear approach from the beginning that built-in privacy and acknowledges that privacy is very important; 2) they technically limit what they are able to do; 3) researchers don't get access to individual data - just the aggregate results of their research question; 4) they are very transparent about what research questions are asked by who and when; 5) they have a governance that seems driven by consideration of patients.
  • Is there a proposal that a TRE is also to be used for audit and data for planning etc ie a trusted environment for all data not just for research?
  • Research for individual patients is considered part of usual care and direct care so it needs to be considered that this data in theory can identify people for research that can be for direct care
  • The health bill includes a small change of language to 'purposes connected to health', which I hope makes broader health inequalities uses more feasible
  • There needs to be more feedback to patients on how the use of data in these ways are actually benefiting the wider population and there maybe less confusion for them.
  • This is about patients being adequately informed so that they do not view it as a surprise that will then breed distrust
  • How is consented patient data going to be available if they have a type 1 opt out?
  • With open safely- technically you are still linking the person’s data with other data sets (and their data) so I would expect the type 1 opt out should be applied or in their NDO- because data is being matched and they have ‘opted out’ of national data
  • Transparency is just ONE part: what is the consent model for OpenSAFELY?
  • Commercial research is essential for health as shown by vaccine research so please when we speak of commercial can we be mindful of the benefits of commercial research for patient benefit
  • This is why "Safe People" & "Safe Projects" is a far better framing.

If you want to join our mission, email Ali.morpeth@opendatasaveslives or

Useful resources:

TPP is OpenDataSavesLives’ first official and confirmed Foundation sponsor:

NHSD’s GPDPR video and information:

Department of Health and Social Care’s data saves lives: reshaping health and social care with data (draft):

The government and the life science sector’s plan to create a thriving sector, and tackle the major causes of death and disease:

Taskforce on Innovation, Growth and Regulatory Reform (TIGRR) independent report:

Inside Estonia’s pioneering digital health service:

Life Sciences Industrial Strategy I:

Life Sciences Industrial Strategy II:

OpenSAFELY jobs website:

OpenDataSavesLives Unconference Wednesday 29 September 2021 registration: