General Data Protection Regulation (GDPR) The GDPR will become law on 25 May 2018. It strengthens the controls that organisations (controllers) are required to have in place over the processing of personal data, including pseudonymised personal data. GP practices must ensure they - Appoint a Data Protection Officer (DPO)
- Demonstrate that they comply with the new law
- Do not charge, in most cases, for providing copies of records to patients or staff who request them.
- Keep records of data processing activities.
- Systems in place for transparency and fair processing.
- Address Data Protection issues in all information processes.
- Complete Data Protection Impact Assessment for high risk processing
There is a legal requirement for security breach notification and significantly increased penalties for any breach of the Regulation We are confident that we adhere to these new requirements and are able to keep your data safe and secure as we do not share it with any third parties outside of the NHS without your explicit consent |