General Data Protection Regulation (GDPR)

This is an EU law that determines how your personal data is processed and kept safe and the legal rights you have in relation to your own data.

This regulation came into effect on 25th May 2018.

What does GDPR mean:

  • Data must be processed lawfully, fairly and transparently
  • It must be collected for specific, explicit and legitimate purposes
  • It must be limited to what is necessary for the purposes for which it is processed
  • Information must be accurate and up to date
  • Data must be held securely
  • It can only be retained for as long as is necessary for the reasons it was collected

Patients have rights regarding the information that practices hold about them, which include:

  • Being informed about how their data is used
  • Having access to their own data
  • The right to request that incorrect information is changed
  • The right to restrict how their data is used
  • The right to move patient data from one health organisation to another
  • The right to object to their patient data being processed (in certain circumstances)

Practice Privacy Notice

Our Privacy Notice explains why we collect information about you and how that information may be used to deliver your personal care and manage the local health and social care system.

The notice reflects:

  • What information we collect about you
  • How and why we use that information
  • How we retain your information and keep it secure
  • Who we share your information with and why we do this

The notice also explains your rights in relation to consent to use your information, the right to control who can see your data and how to seek advice and support if you feel that your information has not been used appropriately.

Practice Privacy Notice

The use of SMS Messages for telephone appointments

We are increasingly using SMS messaging to request information or photos when patients book a telephone appointment. The document below gives guidance on the security and Information Governance of photos, and on how and where they are stored.

Data Protection Impact Assessment (DPIA)

Please have a look at the information leaflets below which are clear guides as to what information we collect about you, how we use it, how you can opt out of data collection if you do not wish to share your information and how you can request access to the information we hold about you.

Adult Privacy Information Leaflet

Children's Privacy Information Leaflet

Subject Access Request (SAR)

A Subject Access Request gives you access to the information we hold about you. Please use the form below if you wish to request access to your health records in accordance with GDPR.

Subject Access Request form