Privacy

Privacy notice

As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.

We ask you for personal information so that you can receive appropriate care and treatment. This information is recorded on computer and we are registered under the Data Protection Act. The practice will ensure that patient confidentiality is maintained at all times by all members of the practice team. However, for the effective functioning of a multi-disciplinary team it is sometimes necessary that medical information about you is shared between members of the team.

We comply with the eight enforceable principles of good practice which say that data must be:

  • Fairly and lawfully processed.
  • Processed for limited purposes.
  • Adequate, relevant and not excessive.
  • Accurate
  • Not kept longer than necessary.
  • Processed in accordance with the data subjects rights.
  • Secure.
  • Not transferred to countries which do not have adequate protection.

General Date Protection Regulation (GDPR) updates the Data Protection Act 1998

Your information is confidential. However, you can choose to Opt out of data sharing. Click on the link Opting out explained for more information and to help you make your choice.

If you do not wish to have your Summary Care Record shared with other care professionals complete the patient consent form with your preferences and return it to us SCR Consent Form.

GDPR Privacy Notices:

Employee Privacy Notice

Children’s GDPR Poster

Children’s Privacy Information Leaflet

LGBT Confidentiality Statement

General Practice Transparency Notice Supplementary

GDPR Data Security Policies:

Data Protection-Policy

GDPR Staff Compliant Data Protection Policy

Data Protection Impact Assessment Policy

Records Retention Policy  and NHS Digital Retention Schedules

Practice Fair Processing and Privacy Notice – Updated September 2023

Staff Computer Security Policy

Call recording policy – July 2023

OpenSAFELY secure COVID-19 research platform

As part of ongoing efforts to improve healthcare through research, this practice is participating in the expansion of the NHS OpenSAFELY Data Analytics Service.

This secure platform enables approved researchers to analyse pseudonymised patient data to better understand health conditions, treatments, and service demands—building on its success during the COVID-19 pandemic. Importantly, your identifiable information (such as name, NHS number, and address) is removed or replaced with generalised markers before any analysis. No data leaves your GP’s IT system; instead, research code is securely run within the system itself, and only anonymous, aggregated results are shared.

This ensures your privacy is protected while supporting vital public health research.  These Directions are for a time limited pilot until 31 March 2027.

For further information please refer to:-

NHS OpenSAFELY Data Analytics Service Pilot Directions 2025 – NHS England Digital and IG frequently asked questions (FAQs) – Information governance – NHS Transformation Directorate

Further reading:

BMA – GPs Data Controllers Under GDPR

Data Protection Officer:

The practices Data Protection Officer (DPO) is Jane Marley, Head of IG at the ICB.

To contact the DPO, please use the following email address: MSEGP.DPO@nhs.net

Date published: 18th October, 2014
Date last updated: 28th July, 2025