This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.

General Data Protection Regulations (GDPR)

What is GDPR?

GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act 1998. The regulation applies from 25 May 2018, and will apply even after the UK leaves the EU.

It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.

It determines how your personal data is processed and kept safe, and the legal right that you have in relation to your own data.

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles.

The main changes are:

  • Higher fines for data breaches – up to 20 million euros

  • Practices must comply with subject access requests
  • Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
  • There are new, special protections for patient data
  • The Information Commissioner’s Office must be notified within 72 hours of a data breach

 

Data Protection Officer (DPO)

Under the GDPR, it is mandatory for certain controllers and processors to designate a Data Protection Officer (DPO). Our designated DPO is the Practice Manger.

Our Privacy Notice can be accessed here Privacy Notice

A Patient Leaflet on 'How we use your information' can be found here Patient Information Leaflet - How we use your information

The form to request 'Patient Online Access' to your computer medical record can be found here Patient Online Access Request Form



Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website