GPDR General data protection regulation

The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.  The regulation applies from 25 May 2018, and will apply even after the UK leaves the EU.

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are: 

What is ‘Patient Data’? 

Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc 

What GDPR will mean for patients  The GDPR sets out the key principles about processing personal data, for staff or patients

There are also stronger rights for patients regarding the information that practices hold about them. These include:

What is Consent? 

Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his/her wishes by which the data subject signifies his/her agreement to personal data relating to him/her being processed.” 

The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records. Individuals also have the right to withdraw their consent at any time 

Subject Access Request 

Privacy Notice 

Please click on the hyperlink to access our privacy notice