Binscombe Medical Centre

106 Binscombe

Godalming GU7 3PR

01483 415 115

© 2015 Binscombe Medical Centre

The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a new law that determines how personal data is processed and kept safe, and the legal rights that an individual has in relation to their own data.

The regulation applies from 25th May 2018 and will apply even after the UK leaves the EU.

The GDPR sets out the key principles about processing personal data for patients:

  • Data must be processed lawfully, fairly & transparently

  • It must be collated for specific, explicit & legitimate purposes

  • It must be limited to what is necessary for the purposes for which it is provided

  • Information must be accurate and kept up to date

  • Data must be kept securely

  • It can only be retained for as long as necessary for the reasons it was collected

There are also more robust rights for patients regarding the information we hold about them, including:

  • Being informed about how data is used

  • Having access to their own data

  • The right to have incorrect data changed

  • The right to restrict how their data is used

  • Moving patient data from one health organisation to another

  • The right to object to their patient information being processed

Any Questions?

 

What is the difference between GDPR and the Data Protection Act (DPA)?  The GDPR is similar but strengthens the DPA's principles.  The main changes are:

  • Practices must comply with subject access requests

  • Where we need your consent to process data this consent must be freely given, specific, informed and unambiguous

  • There are new special protections for patient data

  • The practice must inform the Commissioner's Office within 72 hours of any data breach

 

What is patient data?  Patient data is information that relates to a single person, such as name, age, medical history & diagnosis.

What is Consent?  Consent is permission from a patient.  The changes in GDPR mean we must get explicit permission from patients when using their data.  This is to protect your right to privacy, and we may ask you to provide consent to do certain things, such as recording information for your clinical records or contacting you.