How we collect and use Cataract patient data

Why we collect information about your cataract surgery and how your information is used

What information is collected for the cataract audit?

Information can be submitted to the audit by your hospital if you had cataract surgery in the UK and Guernsey. The information collected, as part of your patient record for cataract surgery, and used by NOD includes:

  • information on your vision before and after surgery
  •  cataract surgery outcome (complications of surgery and vision after surgery)
  • other medical conditions that affect cataract surgery
  • post-operative refraction (the need for glasses)
  • age, gender and ethnicity (where available)
  • unique patient identifier (an audit code number which cannot specifically identify anyone personally) 

The unique patient identifier shows us if you have had cataract surgery performed on both eyes. We cannot identify any individual patient from this information. The hospital responsible for your cataract surgery can identify an individual patient from this information as it is part of your care record. Information submitted into the audit will be retained for the duration of the audit.

Legal basis for processing your data

The audit is covered under GDPR by the following legal bases for processing your data: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller {Article 6 (1) (e)} processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy. {Article 9 (2) (i)} 

How is the information used?

The information is analysed and the audit report will help hospitals and surgeons to identify and minimise the risks associated with cataract surgery. Although the risk of cataract surgery is on average quite low, the NOD audit aims to further improve the quality of care and patient outcomes. The report is available to the public, and surgeon and centre reports are available via this website. We emphasise that no individual patient can be identified from any audit report.

How will your information be kept safe?

There are strict rules about what happens to your data. Information collected is available to a very small number of specially restricted staff on the audit team. The data analyst uses a secure dedicated computer to analyse the information. The College and its subcontractors undertake analysis of the data for the purposes of the audit. However, anonymized and / or aggregated information may be requested for research, service evaluation and commissioning purposes, and information will only be released following approval from the data controller. The Royal College of Ophthalmologists is the data controller and has overall authority over the data and all aspects of its use.

Further information

If you have any questions about patient information relevant to the audit, please contact the RCOphth Data Protection Officer, Ali Rivett at Telephone: 020 7935 0702 (Monday to Friday, 9am – 5pm) Website:

Your right to access may be limited as the information submitted by participating hospitals is anonymous to the audit team. However, you can contact the hospital that provided your cataract surgery if you wish to access your information. If you have concerns about the way your information is being handled, you have the right to make a complaint with the ICO (Information Commissioner's Office), the independent authority in the UK responsible for upholding information rights in the public interest via telephone on 0303 123 1113 or their website,

Want more?

If you have any questions about the information available on this site, please email