What is GDPR?
The General Data Protection Regulation (GDPR) is the latest update to the Data Protection Act 1998 regulation and will apply from 25th May 2018. The legislation strengthens existing requirements, introduces new concepts and imposes greater emphasis on demonstrating compliance and significantly greater penalties for wrongdoings.
What are your rights?
Your fundamental rights have not changed, but they have been enhanced. As an individual you have the right to:
- Know what data is collected about you, what it is used for, how long it will be kept and who it is shared with
- Access your personal data
- Request that inaccurate data about you is corrected or that incomplete data is completed
- Ask for personal data held about you to be removed from your records (This is likely to exclude information that is necessary to your care)
- Restrict processing of your personal data which means you can limit how your data is used by us
- Data portability (this is new) – allows individuals to obtain and reuse their personal data for their own purposes across different services (ICO, no date)
- Object to the processing or use of your personal data
- To not be subject to automated decision-making including profiling
Please note that the practice does not assume any responsibility for the information detailed on the ICO website.
Our duty as a data controller is to share with you how we intend to use your information. This intention is detailed within a privacy notice that is available in the Surgery as well as here. Please see the resources below.
Data Protection Officer (DPO)
A DPO is a designated individual who takes responsibility for data protection and compliance.
Our identified DPO is: Mrs Emma Williams, Strategic Practice Manager