GDPR! : What is it and What Does it Mean For You?
GDPR stands for General Data Protection Regulations and is a relatively new piece of legislation that coincides with the new 2018 Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
There are similarities to the Data Protection Act (DPA) 1998 (which the practice already complied with), but strengthens many of the DPA’s principles. The main changes are:
• Practices must comply with subject access requests
• Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
• There are new, special protections for patient data
• The Information Commissioner’s Office must be notified within 72 hours of certain data breaches
• Higher fines for data breaches – up to 20 million euros
What is consent?
Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
The changes in GDPR and the Data Protection Act 2018 mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
Patient Privacy Notices
Privacy Notice - How Cricketfield Surgery uses your information to provide you with healthcare
Privacy Notice - How your information is used for medical research and to measure the quality of care
Privacy Notice - How your information is shared so that this practice can meet legal requirements
Privacy Notice - National Screening Programmes
Subject Access Request Policy and Form
Confidentiality of Patient Data
Confidentiality Policy - Teenagers
Data Protection Policy
Freedom of Information Policy