
The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a new law that determines how personal data is processed and kept safe, and the legal rights that an individual has in relation to their own data

The regulation applies from 25th May 2018 and will apply even after the UK leaves the EU

The GDPR sets out the key principles about processing personal data for patients

  • Data must be processed lawfully, fairly & transparently

  • It must be collated for specific, explicit & legitimate purposes

  • It must be limited to what is necessary for the purposes for which it is provided

  • Information must be accurate and kept up to date

  • Data must be kept securely

  • It can only be retained for as long as necessary for the reasons it was collected

There are also more robust rights for patients regarding the information we hold about them, including:

  • Being informed about how data is used

  • Having access to their own data

  • The right to have incorrect data changed

  • The right to restrict how their data is used

  • Moving patient data from one health organisation to another

  • The right to object to their patient information being processed

For information regarding General Practice Data for Planning and Research please click here.

Any Questions?


What is the difference between GDPR and the Data Protection Act (DPA)?  The GDPR is similar but strengthens the DPA's principles.  The main changes are:

  • Practices must comply with subject access requests

  • Where we need your consent to process data this consent must be freely given, specific, informed and unambiguous

  • There are new special protections for patient data

  • The practice must inform the Commissioner's Office within 72 hours of any data breach


What is patient data?  Patient data is information that relates to a single person such as name, age, medical history & diagnosis

What is Consent?  Consent is permission from a patient.  The changes in GDPR mean we must get explicit permission from patients when using their data.  This is to protect your right to privacy, and we may ask you to provide consent to do certain things such as recording information for your clinical records or to contact you

Call Recording - please note that incoming calls are recorded.  The purpose of call recording is to provide a record of incoming calls which can:

  • Identify practice staff training needs

  • Protect practice staff from nuisance or abusive calls

  • Establish facts relating to calls, e.g. complaints

  • Identify any issues in practice processes with a view to improving them
