General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) is a new EU regulation that comes into force on 25th May 2018. The GDPR will replace the existing data protection legislation including the UK Data Protection Act 1998.
Who does GDPR apply to?
The GDPR applies to all individuals and organisations with day-to-day responsibilities for data protection.
What does this mean for patients?
- Personal data must be processed lawfully, fairly and transparently.
- Personal data must be collected for specific, explicit and legitimate purposes.
- Personal data must be limited to what is necessary for the purposes for which it is processed.
- Personal data must be accurate and kept up to date.
- Personal data must be held securely.
- Personal data can only be retained for as long as is necessary for the reasons it was collected.
Further information can be found in our Privacy Statement.
Privacy Statement for Patients
How we use your records - important information for patients
- This practice handles medical records in line with laws on data protection and confidentiality.
- We share medical records with those who are involved in providing you with care and treatment.
- In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill.
- We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care provided to you is safe.
- You have the right to be given a copy of your medical record.
- You have the right to object to your medical records being shared with those who provide you with care.
- You have the right to object to your information being used for medical research and to plan health services.
- You have the right to have any mistakes corrected and to complain to the Information Commissioner's Office.