GDPR - General Data Protection


The GDPR and Data Protection Act 2018 replace the Data Protection Act 1998 with an updated and strengthened data protection framework, however, the key principles of the original Act remain unchanged. The most relevant changes for GPs in their role as data controllers are highlighted in the box below.

  • Compliance must be actively demonstrated, for example it will be necessary to:
    • keep and maintain up-to-date records of the data flows from the practice and the legal basis for these flows; and
    • have data protection policies and procedures in place.
  • More information is required in 'privacy notices' for patients.
  • A legal requirement to report certain data breaches.
  • Significantly increased financial penalties for breaches as well as non-compliance.
  • Practices will not be able to charge patients for access to medical records (save in exceptional circumstances).
  • Designation of Data Protection Officers

How we use your information

We have produced a leaflet that explains:

  • Why Stenhouse collects information about you and how it is used
  • Who we may share information with
  • Your right to see your health records and how we keep your records confidential

Click here How We Use Your Information to download this leaflet

Data Protection Officer

The Stenhouse Data Protection Officer is Paul Couldrey of PCIG Consulting Limited. Any queries in regard to Data Protection issues should be addressed to him at:


Postal: PCIG Consulting Limited, 7 Westacre Drive, Quarry Bank, Dudley, West Midlands DY5 2EE.

Privacy Notice

Below is a statement of the Stenhouse Privacy Notice. This Privacy Notice lets you know what happens to any personal data that you give to us, or that we may collect from or about you. A copy can be downloaded from here: Privacy Notice