This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.


What is GDPR?

GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed. This new law applies from May 25th 2018

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:

            Practices must comply with subject access requests

            Where we needs your consent to process data, this consent must be freely given,   specific, informed and unambiguous

            There are new, special protections for patient data

            The Information Commissioner’s Office must be notified within 72 hours of a data breach

            Higher fines for data breaches – up to 20 million euros





What does GDPR mean for patients?

The GDPR sets out the key principles about processing personal data for patients and staff:

  • Data must be processed lawfully, fairly and transparently
  • It must be collected for specific, explicit and legitimate purposes
  • It must be limited to what is necessary for the purpose for which it is processed
  • Information must be accurate and kept up to date
  • Data must be held securely
  • It can only be retained for as long as is necessary for the reasons it was collected

There are also strong rights for patients regarding the information that practices hold about them. These include:

Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website