There are problems with confidentiality in the NHS - people leave patient records on monitors or send letters to the wrong address. But this kind of project is very different.
And .. suppose a company does sell it. Or an attacker breaks into their system and steals it. Or someone abroad takes it and is out of the UK's jurisdiction.
There are criminal offences covering selling of that data, or storing it in such a way that it is released, or moving the data out of the UK.
There are problems with confidentiality of data in the NHS, but this isn't one of those examples. Have a look at any of the very many examples of anonymised information released by the NHS and see if it's possible to deanonymise it.
It's important to note that this story is only about the new development of information held by GPs. A similar scheme has been running for a while now covering information held by hospitals.
http://www.connectingforhealth.nhs.uk/systemsandservices/inf...
Have a look at some UK medical information and see if you can de-anonymise it.
http://www.ons.gov.uk/ons/rel/subnational-health4/suicides-i...
Here's some data for suicide.
There are problems with confidentiality in the NHS - people leave patient records on monitors or send letters to the wrong address. But this kind of project is very different.