General Data Protection Regulations (GDPR)
GDPR is a new piece of legislation which will update the Data Protection Act we are used to from Friday 25th May 2018. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests within 1 month
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Higher fines for data breaches – up to 20 million euros
What is "Patient data"?
Patient data is any information which relates to an individual, such as their diagnosis, name, age, past medical history etc.
What is "consent"?
Consent is permission from a patient - an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the GDPR Regulations.
The following notice reminds you of your rights in respect of the above legislation and how The Clays Practice will use your information for lawful purposes in order to deliver your care and the effective management of the local NHS system.
This notice reflects how we use information for:
- The management of patient records;
- Communication concerning your clinical, social and supported care;
- Ensuring the quality of your care and the best clinical outcomes are achieved through clinical audit and retrospective review;
- Participation in health and social care research; and
- The management and clinical planning of services to ensure that appropriate care is in place.
As your registered GP practice, we are the data controller for any personal data that we hold about you.