GDPR policies

The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.

View the OHP Employee Privacy Notice

View the OHP Modern Slavery Statement

What is GDPR?

GDPR stands for General Data Protection Regulation and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:

  • Practices must comply with subject access requests
  • Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
  • There are new, special protections for patient data
  • The Information Commissioner’s Office must be notified within 72 hours of a data breach
  • Higher fines for data breaches – up to 20 million euros

What is ‘patient data’?

Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc.

What is consent?

Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”

The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records. Individuals also have the right to withdraw their consent at any time.

Data choices

Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments. The NHS is committed to keeping patient information safe and always being clear about how it is used.

How your data is used

Information about your individual care, such as treatment and diagnoses, is collected about you whenever you use health and care services. It is also used to help us and other organisations with research and planning, such as research into new treatments, deciding where to put GP clinics and planning for the number of doctors and nurses in your local hospital. It is only used in this way when there is a clear legal basis to use the information to help improve health and care for you, your family and future generations.

Wherever possible we try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.

You have a choice

You do not need to do anything if you are happy about how your information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your mind about your choice at any time.

Will choosing this opt-out affect your care and treatment?

No, choosing to opt out will not affect how information is used to support your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.

What do you need to do?

If you are happy for your confidential patient information to be used for research and planning, you do not need to do anything.

To find out more about the benefits of data sharing, how data is protected, or to make or change your opt-out choice, visit www.nhs.uk/your-nhs-data-matters