General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.  The GDPR and the Data Protection Act 2018 will replace the existing Data Protection Act 1998.

The regulation applies from the 25th May 2018.

What GDPR means for patients:

  • Data must be processed lawfully, fairly and transparently
  • It must be collected for specific, explicit and legitimate purposes
  • It must be limited to what is necessary for the purposes for which it is processed
  • Information must be accurate and kept up to date
  • Data must be held securely
  • It can only be ratained for as long as is necessary for the reasons it was collected

Rights for patients about the information that practices hold:

  • Being informed of how your data is being used
  • You have access to your own data
  • You can ask to have incorrect information changed
  • Restrict how your data is used
  • To move your data from one health organisation to another
  • The right to object to your information being processed (in certain circumstances)

Click here to read our subject access request policy

Click here to read our Privacy Notice – How we use your information to provide you with healthcare