What is GDPR?
GDPR stands for General Data Protection Regulation and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed. The regulation applies from 25 May 2018, and will apply even after the UK leaves the EU.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests and have one month to complete them
- In certain cases, if we believe the request to be manifestly unfounded, excessive or repetitive in nature, we may charge a reasonable fee and request an extension of an additional month
- We need your consent to process data; this consent must be freely given, specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Higher fines for data breaches – up to 20 million euros
What will GDPR mean for patients?
The GDPR sets out the key principles about processing personal data, for staff or patients:
- Data must be processed lawfully, fairly and transparently.
- It must be collected for specific, explicit and legitimate purposes.
- It must be limited to what is necessary for the purpose for which it is processed.
- Information must be accurate and kept up to date.
- Data must be held securely.
- It can only be retained for as long as is necessary for the reasons it was collected.
There are also stronger rights for patients regarding the information that practices hold about them. These include:
- Being informed about how their data is used.
- Having access to their own data.
- Asking to have incorrect information changed.
- Restricting how their data is used.
- Moving their patient data from one health organisation to another.
- Objecting to their patient information being processed (in certain circumstances).
Privacy Notice
Our Privacy Notice explains why we collect information about you and how that information may be used to deliver your direct care and manage the local health and social care system.
The notice reflects:
- What information we collect about you;
- How and why we use that information;
- How we retain your information and keep it secure;
- Who we share your information with and why we do this.
The notice also explains your rights in relation to consent to use your information, the right to control who can see your data and how to seek advice and support if you feel that your information has not been used appropriately.
Please download the Privacy Notice for our practice (PDF, 179KB)
Please download our Privacy Information leaflet for patients (PDF, 100KB)
Research Studies
Ladygate Lane Surgery is pleased to be able to offer our registered population the opportunity to be involved in various research studies. Research studies have the potential to lead to earlier diagnosis, prevention of future ill-health and improved treatments. So that our population can get involved in research, we will be extending our partnership with The Confederation Hillingdon, who already provide multiple clinical services, to provide a Centralised Research Hub. Members of the Research Hub in Hillingdon will contact you directly to invite you to take part in appropriate research opportunities, which you can either accept or decline. If you have any queries, please read our practice Privacy Notice. Download the privacy notice for research studies (PDF, 172KB). If you have further queries or do not wish to be contacted regarding research, you can find more information about how to opt out at www.nhs.uk/your-nhs-data-matters