This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.

The BMA: GPs as data controllers under the GDPR

Dr Paul Cundy, GPC IT Policy Lead, has published a series of blogs (dropbox link) on the General Data Protection Regulation. He says "they are a narrative in nature and attempt to cover the questions (he) sees surfacing on the various email lists and other media. Their status should be of informed opinion. Facts are referred to as facts and opinions clearly identified and (he) hopes justified". The links below are accessible here for those people unable to access dropbox with kind permission from Dr CundY.

Blog 0: GDPR - where to start, in the beginning etc

Blog 1: GDPR for GPs from the IT lead for GPC

Blog 2: Background and scene setting

Blog 3: Data Protection Officers

Blog 4: Privacy notices

Blog 5: Texts and emails

Blog 6: Articles 6 and 9 deciphered

Blog 7: Subject Access Requests

Blog 8: Things to do list, plan, timetable

Blog 9: Fines

Blog 10: Erasure and Portability - NOT!

Blog 11: I'm an LMC - what's in it for me ?

Blog 13: Data Privacy Impact Assessment(s)

Blog 14: Data breaches

Blog 15: Documentation

Blog 16: Those you employ

Blog 17: Consent

The EU GDPR: The Key points for GPs by the Information Governance Alliance

Guidelines on Consent under Regulation 2016/679 (wp259) [adopted but still to be finalised]

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is "likely to result in high risk" for the purposes of Regulation 2016/679

Guidelines on transparency under Regulation 2016/679

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016  on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Official Section 251 guidance Health Research Authority

DRAFT: Privacy Notice - Care Quality Commission

DRAFT: Privacy Notice - Direct Care - Emergencies

DRAFT: Privacy Notice - Direct Care - Routine care and referrals

DRAFT: Privacy Notice - LMCs

DRAFT: Privacy Notice - National screening programs

DRAFT: Privacy Notice - Payments

DRAFT: Privacy Notice - NHS Digital

DRAFT: Privacy Notice - Public Health

DRAFT: Privacy Notice - Research

DRAFT: Privacy Notice - Commissioning, Planning, Risk Stratification, Patient Identification

DRAFT: Privacy Notice - Safeguarding

Sample exemplary Practice Privacy Notice Dr Neil Bhatia

The UK Caldicott Guardian Council has produced this webpage with further information and guidance too.

This page last updated 22nd April 2018

Further Information

    Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website