General Data Protection Regulations (GDPR)

What is GDPR?

GDPR determines how your personal data is processed and kept safe, and the legal right that you have in relation to your own data.

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles.

The main changes are:

  • Higher fines for data breaches – up to 20 million euros
  • Practices must comply with subject access requests
  • Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
  • There are new, special protections for patient data
  • The Information Commissioner’s Office must be notified within 3 days of a data breach

Data Protection Officer (DPO)

Under the GDPR, it is mandatory for certain controllers and processors to designate a Data Protection Officer (DPO). Our designated DPO is:

Caroline Dominey-Strange

BA, MSc Econ | GP Data Protection Officer (Gloucestershire) & Information Governance Manager | Governance Services NHS South, Central and West

She can be reached via our practice manager, Sandra Geddes on sandragedddes@nhs.net.

Our Privacy Notice is currently being updated to reflect temporary changes made due to the Covid-19 crisis and will be published shortly.

Please also find more information at: