General Data Protection

The General Data Protection Regulation (GDPR) sets out the key principles for processing personal data, whether for staff or patients:

  • Data must be processed lawfully, fairly and transparently
  • It must be collected for specific, explicit and legitimate purposes
  • It must be limited to what is necessary for the purposes for which it is processed
  • Information must be accurate and kept up to date
  • Data must be held securely
  • It can only be retained for as long as is necessary for the reasons it was collected

There are also stronger rights for patients regarding the information that practices hold about them. These include:

  • Being informed about how their data is used
  • Having access to their own data
  • Asking to have incorrect information changed
  • Restricting how their data is used
  • Moving their patient data from one health organization to another
  • Objecting to their patient information being processed (in certain circumstances)