What is GDPR?
GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act 1998. The regulation applies from 25 May 2018, and will apply even after the UK leaves the EU.
It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
It determines how your personal data is processed and kept safe, and the legal right that you have in relation to your own data.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles.
The main changes are:
- Higher fines for data breaches – up to 20 million euros
- Practices must comply with subject access requests
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
Data Protection Officer (DPO)
Under the GDPR, it is mandatory for certain controllers and processors to designate a Data Protection Officer (DPO). Our designated DPO is the Practice Manger.
Our Privacy Notice can be accessed here Privacy Notice
A Patient Leaflet on 'How we use your information' can be found here Patient Information Leaflet - How we use your information
The form to request 'Patient Online Access' to your computer medical record can be found here Patient Online Access Request Form