What is GDPR?
The General Data Protection Regulation (GDPR) is the latest update to the Data Protection Act 1998 regulation and will apply from 25th May 2018. The legislation strengthens existing requirements, introduces new concepts and imposes greater emphasis on demonstrating compliance and significantly greater penalties for wrongdoings.
What are your rights?
Your fundamental rights have not changed, but they have been enhanced. As an individual you have the right to:
- Know what data is collected about you, what it is used for, how long it will be kept and who it is shared with
- Access your personal data
- Request that inaccurate data about you is corrected or that incomplete data is completed
- Ask for personal data held about you to be removed from your records (This is likely to exclude information that is necessary to your care)
- Restrict processing of your personal data which means you can limit how your data is used by us
- Data portability (this is new) – allows individuals to obtain and reuse their personal data for their own purposes across different services (ICO, no date)
- Object to the processing or use of your personal data
- To not be subject to automated decision-making including profiling
More information about your rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Please note that the practice does not assume any responsibility for the information detailed on the ICO website.
Our duty
Our duty as a data controller is to share with you how we intend to use your information. This intention is detailed within a privacy notice that is available in the Surgery as well as here. Please see the resources below.
The Data protection regulations are changing on the 25th May 2018, with the introduction of the General Data Protection Regulation 2018, to ensure that we are inline with these changes please see the updated documents below.
In light of the current crisis, we have received updated legal requirements with regard to COVID-19. Please see COVID-19 privacy notice for further details.
This practice is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital. For more information about this see the General Practice Transparency Notice for GPES Data for Pandemic Planning and Research (COVID-19).
Policies
Recruitment privacy Policy
Recruitment Privacy Policy
Practice Privacy Notice
The Medical Centre Privacy Policy
How we use your information leaflet
How we use your Information poster
GDPR Poster
NHS Digital General Practice Data for Planning and Research
This practice is supporting vital health and care planning and research by sharing your data with NHS Digital. For more information about this see our Privacy Notice above.
Further information can be found on the NHS Digital website:
https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research
This collection will start on 01 September 2021.
If you do not want your data to be shared with NHS Digital, please register your Type 1 opt-out with us BEFORE the end of August 2021.
What data is shared:
Data may be shared from the GP medical records about:
- any living patient registered at a GP practice in England when the collection started - this includes children and adults
- any patient who died after 1 July 2021, and was previously registered at a GP practice in England when the data collection started
NHS Digital will not collect patients’ names or addresses. Any other data that could directly identify patients (such as NHS Number, date of birth, full postcode) is replaced with unique codes which are produced by de-identification software before the data is shared with NHS Digital.
This process is called pseudonymisation and means that patients will not be identified directly in the data. NHS Digital will be able to use the software to convert the unique codes back to data that could directly identify patients in certain circumstances, and where there is a valid legal reason.
If you would prefer that your identifiable patient data is only shared for your own health care purposes, you can opt-out by registering a Type 1 Opt-out or a National Data Opt-out, or both.
Type 1 opt out Form
Type 1 Opt out form
National Opt Out
Your health records contain a type of data called confidential patient information.
This data can be used to help with research and planning. You can choose to stop your confidential patient information being used for research and planning. You can also make a choice for someone else like your children under the age of 13. NHS Digital will never sell your data. There are strict rules about how NHS can use your data. It's only shared securely and safely. Shared data helps the NHS. It has been used to find the first treatment for coronavirus and for vaccine research.
If you're happy with your confidential patient information being used for research and planning you do not need to do anything.
Any choice you make will not impact your individual care. Please click on the link to find out more and opt out if you wish to do so.
https://www.nhs.uk/your-nhs-data-matters/
Further information is available below: