GDPR
What is GDPR?
The General Data Protection Regulation is a new EU law that replaced the Data Protection Act on the 25th of May 2018.
Although the new regulation is an EU initiative it will continue to apply when the UK leave the EU.
The GDPR sets out the key principles about procession personal data, for patients or staff.
- Data must be processed lawfully, fairly and transparently
- It must be collected for specific, explicit and legitimate purposes
- It must be limited to what is necessary for the purposes for which it is processes
- Information must be accurate and kept up to date
- Data must be held securely
- It can only be retained for as long as is necessary for the reasons it was collected
There are also stronger rights for patients regarding the information that the Practice holds about them, including:
- Being informed about how their data is used
- Patients have the right to access their own data
- Patients can ask to have incorrect information changed
- Restrict how their data is used
- Move their patient data from one health organisation to another
- The right to object to their patient information being processed (in certain circumstances)
Privacy Notice
Our privacy notice explains why we collect information about you, how that information may be used and how we keep it safe and confidential.
Subject Access Request
A Subject Access Request give you access to the information we hold about you. Please see our leaflet below for more information.
If you wish to request access to your health records in accordance with GDPR please completed the following form:
Call Recording
Please note that this practice records its calls for training and quality purposes.
CCTV
Please note that this Practice uses CCTV.
