What is GDPR?
GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed. The regulation applies from 25 May 2018, and will apply even after the UK leaves the EU.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests and have one month to complete them
- In certain cases, if we believe the request to be manifestly unfounded, excessive or repetitive in nature, we may charge a reasonable fee and request an extension of an additional month
- We need your consent to process data; this consent must be freely given, specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Higher fines for data breaches – up to 20 million euros
What will GDPR mean for patients?
The GDPR sets out the key principles about processing personal data, for staff or patients:
- Data must be processed lawfully, fairly and transparently.
- It must be collected for specific, explicit and legitimate purposes.
- It must be limited to what is necessary for the purpose for which it is processed.
- Information must be accurate and kept up to date.
- Data must be held securely.
- It can only be retained for as long as is necessary for the reasons it was collected.
There are also stronger rights for patients regarding the information that practices hold about them. These include:
- Being informed about how their data is used.
- Having access to their own data.
- Asking to have incorrect information changed.
- Restricting how their data is used.
- Moving their patient data from one health organisation to another.
- The right to object to their patient information being processed (in certain circumstances).
Our Privacy Notice explains why we collect information about you and how that information may be used to deliver your direct care and manage the local health and social care system.
The notice reflects:
- What information we collect about you;
- How and why we use that information;
- How we retain your information and keep it secure;
- Who we share your information with and why we do this.
The notice also explains your rights in relation to consent to use your information, the right to control who can see your data and how to seek advice and support if you feel that your information has not been used appropriately.
Please download the Privacy Notice for our practice below:
Click here to download (PDF, 179KB)
Please download our Privacy Information leaflet for patients:
Click here to download (PDF, 100KB)