General Data Protection Regulation (GDPR)
This is the new EU legislation to protect personal data which came into force on 25th May 2018.
The current data protection principles have been amended under the GDPR to make it easier for individuals to access information about them.
Under the GDPR:
- Consent is required from the data subject to process their data.
- The patient has the right to withdraw consent.
- Data Subject Access Requests should be responded to within a month and are not chargeable.
Our practice must be compliant and show that we are: we must know what data we hold and why we have it, what information we hold and what we do with it (Privacy notice), and provide proof of consent and the lawful basis of processing.