Frequently asked questions

How did you get my name and address?

Ipsos MORI is sending you this questionnaire on behalf of NHS England. Names were chosen at random from the NHS list of patients registered with a GP. NHS England has shared a limited amount of your personal data so that we can invite you to take part in this research. This data includes:

  • your name and address
  • GP practice code and NHS number
  • gender and month/year of birth

Ipsos MORI will keep your data confidential and will only use your contact details to send these questionnaires. Once the survey is finished, Ipsos MORI will securely destroy your contact details. Ipsos MORI has no information about patients’ health.

Under the General Data Protection Regulation (GDPR), NHS England is responsible as a data controller for the processing of personal data for the purposes of this survey. NHS England’s basis for lawful processing for the GP Patient Survey is Article 6(1) (e) - “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”. Ipsos MORI is the data processor acting on instructions of NHS England to deliver the survey.

NHS England is carrying out this research in order to help the NHS improve GP practice and other local NHS services so they better meet local needs.

Taking part is voluntary and any answers are given with your consent. However, if you do not want to take part in the future please send your survey number (located at the top of the letter or on the front of the questionnaire) indicating that you wish to opt out to

Are National Data Opt-outs applied to this survey?

No. The Department of Health and Social Care has confirmed that the National Data Opt-out only applies when confidential patient information is being used for purposes other than care for the individual. Confidential patient information includes clinical data about the individual (such as any medical conditions, prescriptions or care received), and any information about the individual that has been accessed via the individual’s medical record. The GP Patient Survey uses demographic data and contact details drawn from the patient registration record of GP practices to select and contact individuals to be surveyed. This personal data is not classified as confidential patient information as no clinical information is used or accessed. As such, the National Data Opt-out does not apply to the GP Patient Survey.

Have you got access to my health data?

No, absolutely not. Ipsos MORI has only been given your GP practice code and NHS number, name, address, month and year of birth, and gender. We do not have any information about your health – this remains confidential between you and your GP.

We have your NHS number so that we can identify you if you have previously opted-out from the survey to ensure we do not contact you again. We have your name and address so that we can contact you regarding the survey. We have GP practice code so that we can link answers to GP practices.

Information about month and year of birth and gender will only be used to make sure that the anonymised survey data matches the profile of the practice population as closely as possible.

Who we share your data with

Ipsos MORI is working with certain supplier organisations to assist us in running the survey, and we will need to disclose your name and address to these supplier organisations for that purpose. These supplier organisations include:

  • Adare SEC; printing letters and questionnaires
  • Whistl and Royal Mail; distribution and postage

These suppliers are approved and compliant with the General Data Protection Regulations.


Some online surveys collect information through the use of 'cookies'. These are small files stored on your computer. These files are used as sparingly as possible and only for quality control, validation and, more importantly, to prevent us sending you reminders for an online survey you have already completed. It is possible for you to delete 'cookies' or to prevent their use by adjusting the browser settings on your computer.

We also automatically capture information about your operating system, display settings and browser type in order to ensure that the survey questionnaire is delivered in a form suited to the software your computer is using. We do not capture any other information from your computer.

What happens to my answers?/ Will my doctor see my answers to this survey?

Your answers are put together with the answers from other people and are not linked to your name, address or NHS number. Your individual answers to the questions will be kept confidential by Ipsos MORI, and by approved NHS England staff and researchers. Nobody will be able to identify you in any results that are published.

Who are approved NHS England staff and researchers and how can they use the findings?

NHS England is the data controller for the processing of personal data for the GP Patient Survey, which means that they are responsible for ensuring that the processing of the data complies with the GDPR. Part of this responsibility involves providing privacy information.

You can access NHS England’s Privacy Notice at

Where will my personal data be held and processed?

All of your personal data used and collected for this survey will be stored by Ipsos MORI in data centres and servers within the United Kingdom.

How will you ensure my personal information is secure?

Ipsos MORI takes its information security responsibilities seriously and applies various precautions to ensure your information is protected from loss, theft or misuse. Security precautions include appropriate physical security of offices and controlled and limited access to computer systems. Stringent measures have been taken to ensure personal information is securely stored and seen only by the personnel directly involved in the project.

Ipsos MORI has regular internal and external audits of its information security controls and working practices, and is accredited to the International Standard for Information Security, ISO 27001.

Your individual answers to the questions are not linked to your name, address or NHS number. Ipsos MORI, and approved NHS England staff and researchers, treat individual answers as confidential and adhere to all aspects and provisions of the General Data Protection Regulation and all other relevant legislation, including requirements for secure storage.

How long will Ipsos MORI retain my personal data and identifiable responses?

Ipsos MORI will only retain your data in a way that can identify you for as long as is necessary to support the research project and findings. In practice, this means that once we have satisfactorily reported the anonymous research findings, we will securely remove your personal, identifying data from our systems and those of our suppliers.

For this study, we will securely remove your personal data from our systems by the 12 October 2018.

How is my doctor involved in this survey?

The questionnaire is being sent to a random selection of people who are registered with a GP in England, and your name was selected randomly from the list of patients registered with a GP held by NHS England.

GP practices should be aware that the survey is taking place. After the survey has been completed they will have access to the anonymised, statistical results for their practice available via this website, but will not have access to individual answers.

Has the survey received ethical approval?

Before starting the first survey in 2007 Ipsos MORI consulted the Central Office for Research Ethics Committee (COREC) and was advised that this survey is ‘service evaluation’ rather than ‘pure research’ – to evaluate the service provided by GPs to their patients. As a result, this survey does not require formal medical research ethical approval. However, Ipsos MORI strictly adheres to the Market Research Society code of research ethics, and the patient details provided are not used for anything other than the purpose of this survey.

Your rights

The GDPR includes a number of rights that are more extensive that those in the Data Protection Act 1998. We must generally respond to requests in relation to your rights within one month, although there are some exceptions to this.

NHS England’s Privacy Notice explains your rights and how to exercise them.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you have concerns on how we have processed your personal data. You can find details about how to contact the Information Commissioner’s Office at or by sending an email to:

How can I contact Ipsos MORI and NHS England about this survey and/or my personal data?

Contact Ipsos MORI:

If you have any questions about this research, please contact the research team. They can be contacted by:


The GPPS Team - Ipsos MORI
3 Thomas More Square
London E1W 1YW

If you have any questions or require further information about our privacy policy, our compliance with data protection laws or information we hold about you, please contact our Compliance Department. They can be contacted by:

Email: with “18-042228-01 GPPS” in the email subject line.

Ref: 17-043177 GPPS
Compliance Department
Ipsos MORI
3 Thomas More Square
London E1W 1YW

Contact NHS England:


Telephone: 0300 311 22 33

NHS England
PO Box 16738
B97 9PT