GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is Europe's new framework for data protection laws. It replaces the previous 1995 data protection directive, which current UK law is based upon. The new regulation takes effect from 25 May 2018. It will be enforced by the Information Commissioner's Office (ICO). The Government has confirmed that the UK's decision to leave the European Union will not alter this.
The Six Principles of General Data Protection Regulation
- Lawfulness, fairness and transparency. Transparency: Tell the subject what data processing will be done. ...
- Purpose limitations. ...
- Data minimisation. ...
- Accuracy...
- Storage limitations. ...
- Integrity and confidentiality.
Your Personal Health Information
Data Protection Notice
About the personal information we use
Dailly Medical Practice use personal information on different groups of individuals including:
- Patients
- Staff
- Contractors
- Suppliers
- Complainants, enquirers
- Survey respondents
- Professional experts and consultants
The personal information we use includes information that identifies you like your name, address, date of birth and postcode.
Accessing Your Information
If you wish to access your medical records, we ask that you make a request in writing to the practice. Your request will be passed to your registered doctor, and within 14 days of your request you will receive by post a 30-minute appointment to see your information in the presence of your doctor. A copy of your medical records can be given if required.
Data Protection Act 1988 works in 2 ways:
- It says anyone who records and uses personal information (data controllers) must be open about how the information is used and must follow eight principles of good information handling.
- It also gives us all as individuals (data subjects) certain rights, including the right to see information that is held about us and to have it corrected if it’s wrong.
The Eight Data Protection Principles say that data must be:
- Fairly and lawfully processed;
- Processed for limited purposes;
- Adequate, relevant and not excessive;
- Accurate;
- Not kept longer than is necessary;
- Processed in line with the data subject’s rights;
- Secure;
- Not transferred to countries outside the EU without adequate protection.
The principles protect us all as individuals, but following the principles also makes sound business sense. For example, sending out a mailing from incorrect or out of date records is not only a breach of the principles but could also annoy your customers and waste your time and money.