Severn View Family Practice

"Delivering the right care to the right people at the right time"

Data protection rules update – GPDR what does it mean for patients?

What is GDPR?

The General Data Protection Regulation (GDPR) is the latest update to the Data Protection Act 1998 regulation and will apply from 25th May 2018. The legislation strengthens existing requirements, introduces new concepts and imposes greater emphasis on demonstrating compliance and significantly greater penalties for wrongdoings.

What are your rights?

Your fundamental rights have not changed, but they have been enhanced. As an individual you have the right to:

  • Know what data is collected about you, what it is used for, how long it will be kept and who it is shared with
  • Access your personal data
  • Request that inaccurate data about you is corrected or that incomplete data is completed
  • Ask for personal data held about you to be removed from your records (This is likely to exclude information that is necessary to your care)
  • Restrict processing of your personal data which means you can limit how your data is used by us
  • Data portability (this is new) – allows individuals to obtain and reuse their personal data for their own purposes across different services (ICO, no date)
  • Object to the processing or use of your personal data
  • To not be subject to automated decision-making including profiling

More information about your rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Please note that the practice does not assume any responsibility for the information detailed on the ICO website.

Our duty

Our duty as a data controller is to share with you how we intend to use your information. This intention is detailed within a privacy notice that is available in the Surgery as well as here. Please see the resources below.

Data Protection Officer (DPO)

A DPO is a designated individual who takes responsibility for data protection and compliance.

Our identified DPO is: Mrs Emma Williams, Strategic Practice Manager

GDPR patient resources:

Patient Privacy Notice (Adult)

References:

Information Commissioner’s Office (no date.) ‘Right to Data Portability’. Available at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/ [Accessed: 13 June 2018]