The GDPR and Data Protection Act 2018 replace the Data Protection Act 1998 with an updated and strengthened data protection framework; however, the key principles of the original Act remain unchanged. The most relevant changes for GPs in their role as data controllers are highlighted in the box below.
- Compliance must be actively demonstrated; for example, it will be necessary to:
  - keep and maintain up-to-date records of the data flows from the practice and the legal basis for these flows; and
  - have data protection policies and procedures in place.
- More information is required in 'privacy notices' for patients.
- A legal requirement to report certain data breaches.
- Significantly increased financial penalties for breaches as well as non-compliance.
- Practices will not be able to charge patients for access to medical records (save in exceptional circumstances).
- Designation of Data Protection Officers.
How we use your information
We have produced a leaflet that explains:
- Why Stenhouse collects information about you and how it is used
- Who we may share information with
- Your right to see your health records and how we keep your records confidential
Click here to download this leaflet: How We Use Your Information
Data Protection Officer
The Stenhouse Data Protection Officer is Paul Couldrey of PCIG Consulting Limited. Any queries in regard to Data Protection issues should be addressed to him at:
Postal: PCIG Consulting Limited
7 Westacre Drive
A copy of the practice Privacy notice is available to download here: