Strong governance makes sure the Wessex Secure Data Environment is run safely, fairly and in the public interest. This page explains who oversees the SDE, how decisions about data access are made, and the safeguards in place to ensure research is transparent, well-governed and accountable.
The Wessex Secure Data Environment is run through a clear and simple structure that keeps people’s data safe and ensures the service is always used for public good.
At the top is the SDE Board. This group checks that the SDE is safe, well run and meeting national NHS standards. The Board supports the Senior Responsible Officer (SRO), who has overall responsibility for how the service is delivered.
Beneath this, the Senior Leadership Team looks after the day-to-day running of the SDE. They oversee operations, data security, risk, performance, and the smooth running of the live service.
The SDE’s Digital Critical Friends are involved throughout this structure and help shape decisions that affect how the SDE operates. Their role is an important part of keeping the service transparent, trustworthy, and grounded in public expectations.
If you want to see more detail, you can explore our Terms of Reference and other documents on the Resources page.
Download high level organogram
The Wessex Data Access Committee (DAC) is the main decision-making and advisory body for data access within the SDE.
It is made up of four public members, six professional members, and a non-voting Chair.
The DAC reviews all research studies requesting access to data and focuses on:
All approved projects are added to our Data Use Register once they begin using SDE data.
Decisions made by the Wessex Data Access Committee (DAC) on data access requests are published promptly after each meeting to ensure openness and accountability.
Below you can find the committee’s Terms of Reference, meeting agendas, and minutes, which include summaries of discussions and outcomes.
Details of approved data access requests will also be published in our Data Use Register (DUR) in due course. Where necessary, any personal or sensitive information may be withheld to protect confidentiality and security.
The Wessex SDE operates under UK data protection law, NHS regulation, and independent ethical oversight. Every use of data must be justified, approved, and demonstrably in the public interest. Our Health Research Authority approvals set the boundaries for what we can and cannot do with NHS patient data, and our Approvals for Using Patient Data Explainer Leaflet outlines these safeguards in plain language.
All researchers follow a strict governance and access process built on the Five Safes. Specialist staff, information governance experts, and public members review applications to ensure each project meets legal, ethical, and scientific standards. Only approved researchers can enter the environment, and they must work within a secure, access-controlled setting.
Oversight extends beyond approvals. The SDE is subject to regular internal and external audits, including scrutiny by NHS England and our host organisation. We publish audit findings whenever possible and provide clear summaries where security restrictions limit full disclosure.
These controls work alongside our Social Licence commitments, ensuring that legal compliance is matched by openness, accountability, and responsible stewardship of NHS data.
There are three ways to raise a concern with the Wessex SDE:
All public concerns are managed under the SDE’s Accountability Procedures and, where necessary, escalated to UHS, the host organisation.
The Wessex SDE is also subject to the Freedom of Information Act (FOIA) and Data Subject Access Requests (DSARs). These are handled in line with legal requirements and coordinated with the UHS Information Governance team, which holds statutory responsibility for responding. FOIA and DSAR requests should follow the process outlined on the UHS website.
