In order for The Practice to comply with the General Data Protection Regulations introduced in May 2018 we need to explain how and why we manage stored data.
The Data Protection Officer for the practice is Dr C. N. Sawyer.
Data is stored securely on a local server with a remote back-up compliant with industry standards.
Data will be processed to aid in maintaining the optimal health of our patients. It may also be used for internal audit to improve the practice. It will be shared with other medical practitioners in the practice and will also be visible to the office staff and Nursing Care Assistant. It will also be shared with specialists to whom we refer, but only with explicit consent.
This data processing is in accordance with Articles 6 (1)(f) and 9 (2)(h) of the GDPR.
Personal data will be held for 10 years after the last recorded event.
Patients have the right to a copy of all data held by the practice.
The practice reserves the right to retain personal data for the purposes of defending itself against potential future litigation. Data can however be made “inactive” and not generally accessible if requested.
Complaints regarding data storage and processing should be addressed to the ICO (0303 123 1113 – https://ico.org.uk/concerns/).