What is GDPR?
The General Data protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.
The GDPR is similar to the Data Protection Act (DPA) 1998, which the Practice already complies with, but GDPR strengthens many of the DPA principles.
The main changes are:
- Practices must comply with Subject Access Request (SARs)
- Where we need your consent to process data, this consent must be given freely, it must be specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner's Office (ICO) must be notified within 72 hours of a data breach
- Higher fines for data breaches- up to 20 million euros
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records. individuals also have the right to withdraw their consent at any time.
Your Data Controller:
Oldham Medical Services
Langham House, 368 Ashton Road, Oldham, OL8 3HF
Tel: 0161 624 4716
** For data issues please ask for the Manager **
To access more information regarding data protection and GDPR you can download the leaflet below or click on 'Practice Polices' or 'Sharing your Medical Data'on the right hand side of the web page.
GDPR Practice Leaflet