GDPR
Consultancy
and Services

Home | What We Do | GDPR

GDPR

GDPR

GDPR

As a company that has developed and hosts multiple databases across multiple specialties holding more than a million records worldwide - that contains clinical, personal and sensitive data - data protection and UK/EU GDPR compliance is at the forefront of Dendrite’s software and registry development and implementation processes.

Unique data analysis and reporting

Monitored

Customer data protection requirements are frequently dependent on local data protection regulations and legislations, so Dendrite has very carefully selected a number of sub-contracted server hosts to ensure that they not only meet customer service requirements but also the legal requirements of UK and EU GDPR.  Dendrite is currently able to provide sub-contracted server hosting services at the following:

  • RedCentric (UK): For registries to be accessed within the NHS (over both HSCN and Internet)
  • OVH (UK): For the implementation of International registries
  • OVH (France): For the implementation of European registries
  • RackSpace (USA): For the implementation of North American registries
  • Spark Health (NZ): For the implementation of registries in New Zealand

All server hosts are Tier 3 providers, offering 24x7 monitored secure environments with stringent security processes (including firewall monitoring). Connections to all servers is 256-bit encrypted and/or via VPN.  However, if customers wish to arrange their own registry server host, or would like us to sub-contract a server host in a different country, this can be accommodated.

Dendrite GDPR & Data Protection compliance

Analytics
  • ICO Registered - As required under the UK Data Protection Act (2018)
  • Cyber Essentials Plus certified
  • DSP Toolkit – Exceeds Expectations - As required by UK NHS digital to process UK NHS data

Included within the DSP Toolkit requirements, Dendrite are required to prove that requirements have been met in the following:

  • Annual Independent penetration test of core Intellect web software
  • Annual data protection training has been provided to, and passed by, all staff
  • Appropriate security policies are in place and are reviewed annually

Dendrite Intellect Web Software

Insight

The security surrounding user logins is aligned to Industry data protection standards (including multi-factor authentication) and the security model built into the core Intellect web software ensures that records can only be accessed by those users so authorised.  In addition, the inclusion of “user application flags” can be incorporated to limit the functions that each user is able to see.

GDPR Documentation

Distributed

As defined by UK and EU GDPR, Dendrite are always a “Data Processor” for national registry implementations, and as a consequence mostly dependent on “Data Controllers” to provide the necessary documentation for their registries.  However, Dendrite can provide assistance with this documentation and also providing various templates/examples:

  • Data Processing Agreement
  • Privacy Notice / Patient Information Letters (incorporating Subject Access Request and opt-out processes)
  • Data Sharing Agreements
  • Data Privacy Impact Assessment
  • Data Flows Diagram
  • Informed Consent forms

Would you like to know more?

Case Studies

BAPRAS

UK National Flap Registry

Cardiac Surgery Database

Prince of Wales Hospital
Hong Kong

BAETS

UK Registry of Endocrine and Thyroid Surgery

News

Dendrite publishes EACTS Daily News conference newspaper

21 October 2025

Dendrite Clinical Systems is pleased to announce the publication of the EACTS Daily News conference newspaper. This is the first year since 2015 that Dendrite has published the newspaper on…

Out-of-Hospital Cardiac Arrest Registry algorithm improves outcomes, efficiencies and is cost-effective

25 May 2025

Two-year outcomes from the Out-of-Hospital Cardiac Arrest Registry have demonstrated that the implementation of an algorithm – developed after analysing data from the registry – improves patient outcomes, workforce efficiencies…

Dendrite publishes SCTS Conference News newspaper

20 March 2025

Dendrite Clinical Systems is pleased to announce the publication of the SCTS Conference News 2025 newspaper. This is the 9th year Dendrite has published the newspaper on behalf of the…

What We Do

National and International Registries

As a recognised leading provider of clinical registries, we have an unparalleled track record of implementing over 200 major clinical registries for major research projects.

Clinical
Trials

Enabling powerful data capture, our clinical trial software can be designed to suit any clinical research or scenario from specific diseases to clinical procedures.

Real World
Evidence

A specialist provider of clinical trials and registries, we have unique experience in the field of Real World Evidence studies.

Registry
Reports

We have extensive experience in publishing clinical database reports in collaboration with national and international clinical societies and hospitals.

GDPR Consultancy

GDPR Consultancy seamlessly guides our clients through the requirements and responsibilities of GDPR legislation.

Hospital
Systems

Enabling hospitals, departments, clinics and clinicians to create and manage their own databases to collect, analyse and report data.

MDT

The pioneering MDT Workflow software can be deployed across any specialty and allows the entire patient journey to be tracked within a single, secure system.

Data
Analysis

Our in-house data analysis team work to reveal and interpret key messages from your data through expert analysis.

ePROMS

The ePROMS software can automatically send a secure personalised PROMS questionnaire to patients to complete on their smart-device and the data returns automatically to the registry.

Medical Newspapers

Since 2009, we have designed and published over 20 specialist medical newspaper for numerous medical specialities and societies.