What is GDPR?
The General Data Protection Regulation is a new EU law that replaced the Data Protection Act on the 25th of May 2018.
Although the new regulation is an EU initiative it will continue to apply when the UK leave the EU.
The GDPR sets out the key principles about procession personal data, for patients or staff.
- Data must be processed lawfully, fairly and transparentl
- It must be collected for specific, explicit and legitimate purposes
- It must be limited to what is necessary for the purposes for which it is processe
- Information must be accurate and kept up to fat
- Data must be held securel
- It can only be retained for as long as is necessary for the reasons it was collected
There are also stronger rights for patients regarding the information that the Practice holds about them, including:
- Being informed about how their data is used
- Patients have the right to access their own data
- Patients can ask to have incorrect information change
- Restrict how their data is use
- Move their patient data from one health organisation to anothe
- The right to object to their patient information being processed (in certain circumstances)
Our privacy notice explains why we collect information about you, how that information may be used and how we keep it safe and confidential.
Information leaflets can be found below which are clear guides as to what information we collect about you, how we use it, how you can opt out of data collection if you do not wish to share your information and how you can request access to the information we hold about you.
Children's Privacy Leaflet
Adult Privacy Leaflet
Subject Access Request
A Subject Access Request give you access to the information we hold about you. Please see our leaflet below for more information.
If you wish to request access to your health records in accordance with GDPR please completed the following form: