GENERAL DATA PROTECTION REGULATION (GDPR) & DATA PROTECTION ACT 2018

Abbey Family Practice complies with the General Protection Data Regulations 25 May 2018.

General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data. The regulation applies from 25 May 2018 and will apply even after the UK leaves the EU.  The GDPR is similar to the Data Protection Act (DPA) 1998 but strengthens many of the DPA’s principles.  Patient data refers to all the information we hold in relation to a single patient, such as name, age, address; medical history, medication history etc.

The main changes with GDPR are:

• Practices must comply with subject access requests (SARS) – requests to access your medical records.
• Where we need your consent to process data, this consent must be freely given, specific, informed and clear.
• There are new, special protections for patient data.
• The Information Commissioner’s Office must be notified within 72 hours of a data breach and a fine may be imposed for data breach.

Please read the documents below for further information.