General Data Protection Regulation (GDPR)

Your Information and How we Use it

From 25th May 2018 the General Data Protection Regulation (GDPR) comes into law. This changes the way we use your information and the process we have for you to access your information. This page gives you all the information you need to understand how we will use and process your data and how you can access your information.

Privacy Notice

This notice will tell you how we will use your information

Here is a useful link to a video to show you how information is shared you may need to copy this into your web browser

Below is this organisation’s Privacy notice:

GS Privacy notice for patients


Subject Access Requests (Requests for access to medical records)

As a data subject (a person we hold and process data for) you have a right to access the information we have about you.

To access this information you will need to complete a Subject Access Request form. This form can be accessed by clicking the form below. Once completed the form can be brought to the Practice (together with any identification required).  To complete your request you will need to provide us with ID verification (this is whether you bring in your form or a third party such as a solicitor requests it). The identification is required even if you are already a patient due to the security requirements we need to satisfy.   We require one piece of ID from each category as below;

GDPR Subject Access request

A – Passport, Driving Licence or Birth Certificate

B – Utility bill, Bank statement, Medical card or similar

In the rare circumstance that you do not have the above ID there is a countersignature form that you can get completed by a professional person.

Once your ID has been verified your request is complete and we will provide your information within one calendar month.  The policy of the practice will be to register you for online access to your own records unless you request otherwise.

There is no charge for this, however if you require additional copies of the information or make excessive requests we do have the right to charge for these.

Consent for Children

If you have parental responsibility for a child up to the age of 12 you have full responsibility and can have full access to their records.

When your child turns 12 we suggest you contact the practice – there are a few options at this point.

From the age of 12 your child can come to consultations on their own provided the clinician is comfortable that the child is able to make their own decisions.

12-16 year olds can also have their own online access but a clinician has to approve competency.

If a parent wants online access for a child aged 12-16 they must have a signed consent from the child then the parent can have access to booking appointments and repeat medications but NOT the medical record.

If the parent wants access to the medical record we will need the child’s signed consent and a clinician will have to see the child to confirm this decision.

Our Data Controller is Dr Jason Procter

Our Data Protection Officer is Louise Whitworth and her e mail address is [email protected] for any enquiries