Information Governance Team

The Information Governance Team are part of the Department of Health and Social Care’s (DHSC) Corporate Services Division. The team consists of the Senior Information Risk Owner (SITO), Data Protection Officer (DPO)/ Information Governance Manager, two Information Governance Officers, and an Administration support officer, all of whom are based at Crookall House.

The Team provides a framework that brings together all the legal rules, guidance and best practice that apply to the handling of information.  At its heart the Information Governance Team is about setting a high standard for the handling of information and giving the DHSC service areas the tools to achieve that standard.  The ultimate aim is to demonstrate that the DHSC can be trusted to maintain the confidentiality and security of personal information by helping our staff to practice good information governance and to be consistent in the way that they handle personal and corporate information.

The Information Governance Team focus on data protection and confidentiality, information security, information quality and corporate information, providing advice and practical support to colleagues in and out of the Department, as well as fulfilling our responsibilities to Tynwald, Cabinet Office and the Information Commissioner as well as providing the public with advice and access to records and information.

Subject Access Request (SAR)

If you wish to ask us for information which we may hold about you personally then this will be dealt with under the Subject Access Provisions of the Data Protection Act 2018 (DPA) in line with the General Data Protection Regulation (GDPR).

Subject access is one of the main components of GDPR.

It gives people the right to request access to their personal information.

Please specify the kind of information you wish to be made available to you and any time periods involved, and ensure that you include proof of identity. As the data controller, we need to ensure that the request is actually from the data subject concerned. Proof of identity will usually consist of a copy of a formal document or bill with your name and address on it and your driving licence or passport.

If your request relates to other personal information, we may reasonably require further information from you in order to locate the information you are seeking.

Under GDPR we have up to one month to provide the information you ask for.

Where subject access requests are complex, we are able to extend the response period by a further two months. Where this is the case, we will inform you of our intention to extend the deadline and outline our reasons for doing so.

There may be some circumstances, where an exemption is applicable under GDPR, when we will not be able to provide you with the information that you have requested. It is also the case that we will not be able to provide you with any information that might identify any other individual unless that person agrees.

If you wish to make a Subject Access Request (SAR) please complete the Data Subject Access Request (SAR) form Data Subject Access Request (SAR) form v202001 or alternative the team can be contacted at:

If you are unhappy with any aspect of the way in which we deal with your Subject Access Request, you may complain in writing to the Information Commissioner at: