The practice complies with data protection and access to medical records legislation.  The General Data Protection Regulations (GDPR) is a piece of legislation that supersedes the Data Protection Act. It not only applies to the UK and EU but it also covers anywhere in the world in which data about UK or EU citizens is processed.

The GDPR is similar to the Data Protection Act, which the practice already complied with, but strengthens many of the DPA’s principles. The main changes are:

• Practices must comply with subject access requests
• Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
• There are new, special protections for patient data. Patient data is information that relates to a single person, such as diagnosis, name, age, earlier medical history etc
• The Information Commissioner’s Office must be notified within 72 hours of a data breach

Please click on the link below to read our privacy notice, which explains why the practice collects information about you, how the information is used, how it is kept safe and confidential and what your rights are in relation to this.

• Patient Privacy Notice
• Appendix A for Privacy Notice
• COVID-19 Privacy Notice