Menu Home Search

The General Data Protection Regulation (GDPR)

Updated on Wednesday, 7 March 2018, 2020 views

The GDPR will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the DPA – ie the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR. If you are a proces-sor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR. However, if you are a con-troller, you are not relieved of your obligations where a processor is involved – the GDPR places further obliga-tions on you to ensure your contracts with processors comply with the GDPR.

Read the full guidance on the ICO website

The GPC have published guidance for practices

The guidance sets out the main themes of the legislation and what you need to do to ensure compliance, including:

 

Related guidance...

GDPR- Headline Requirements with GPC and NHS Digital guidance

NHS Digital have now published a GDPR guidance note . This guidance is from the national GDPR working group and Information Governance...

Somerset LMC Weekly Update Friday 9 March 2018

Sent all Somerset GPs and Practice Managers This and previous updates can be found here Workload control in general practice GP...

Somerset LMC Weekly Update Friday 2nd March 2018

All Somerset GPs and Practice Managers Communication, Communication, Communication the latest Blog from LMC Chairman Dr Nick Bray “Last...

Somerset LMC Weekly Update Friday 29th June 2018

All Somerset GPs and Practice Managers This and previous updates can be found here GDPR Subject Access Requests (SARs) by...

Access to medical reports for insurance purposes

Access to Medical Reports Act 1998 has replaced the use of Subject Access Requests for insurance purposes We have been aware for some...

Insurance and Other Third Party Reports

Insurance Reports using the Data Protection Act Increasingly , insurance companies have taken to submitting requests for full copies...

Workforce Minimum Data Set

Workforce Minimum Data Set - GPC Focus on May 2017 Introduction The GPC has been active in dialogue with the Department of Health...

Somerset LMC Weekly Update Friday 23rd October 2020

Sent to all Somerset GPs and Practice Managers This and previous updates are available here New advice for patients at high...

Online Patient Services for Children

Practices may get requests from patients for online access to their records from children below the age of 16 who are classed as Fraser...

C THE SIGNS PATIENT CONSENT TO DATA UPLOAD

C THE SIGNS PATIENT CONSENT TO DATA UPLOAD The LMC has heard concerns about patient consent to upload data to the C the Signs platform....