Privacy notice

As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.

We ask you for personal information so that you can receive appropriate care and treatment. This information is recorded on computer and we are registered under the Data Protection Act. The practice will ensure that patient confidentiality is maintained at all times by all members of the practice team. However, for the effective functioning of a multi-disciplinary team it is sometimes necessary that medical information about you is shared between members of the team.

We comply with the eight enforceable principles of good practice which say that data must be:

  • Fairly and lawfully processed.
  • Processed for limited purposes.
  • Adequate, relevant and not excessive.
  • Accurate
  • Not kept longer than necessary.
  • Processed in accordance with the data subjects rights.
  • Secure.
  • Not transferred to countries which do not have adequate protection.

General Date Protection Regulation (GDPR) updates the Data Protection Act 1998

Your information is confidential. However, you can choose to Opt out of data sharing. Click on the link Opting out explained for more information and to help you make your choice.

If you do not wish to have your Summary Care Record shared with other care professionals complete the patient consent form with your preferences and return it to us SCR Consent Form.

GDPR Privacy Notices:

Employee Privacy Notice

Children’s GDPR Poster

Children’s Privacy Information Leaflet

LGBT Confidentiality Statement

General Practice Transparency Notice Supplementary

GDPR Data Security Policies:

Data Protection-Policy

GDPR Staff Compliant Data Protection Policy

Data Protection Impact Assessment Policy

Records Retention Policy  and NHS Digital Retention Schedules

Practice Fair Processing and Privacy Notice – Updated September 2023

Staff Computer Security Policy

Call recording policy – July 2023

Further reading:

BMA – GPs Data Controllers Under GDPR

Data Protection Officer:

The practices Data Protection Officer (DPO) is Jane Marley, Head of IG at the ICB.

To contact the DPO, please use the following email address: [email protected]

Date published: 18th October, 2014
Date last updated: 26th September, 2023