The EU’s General Data Protection Regulation (GDPR) comes into force on 25 May 2018 when it replaces the UK Data Protection Act 1998. The GDPR is significant and wide-reaching in scope and it expands the rights of individuals to control how their personal information is collected and processed. The GDPR places a range of new obligations on organisations to be more accountable for data protection.
We have been keeping you up to date with guidance as it becomes available, and the latest guidance is listed below:
- GPC – GPs as data controllers
This General Practitioners Committee guidance covers compliance, privacy notices for patients, reporting data breaches, information on financial penalties, access to patient records and the designation of Data Protection Officers (DPOs).
- IGA – GDPR guidance
The national GDPR working group, chaired by NHS England, has produced a number of guidance documents publicised by the Information Governance Alliance (IGA), including a GDPR implementation checklist and guidance on consent and the lawfulness of processing.
- ICO – FAQs for small health sector bodies
The Information Commissioner’s Office guidance includes updates on a wide range of issues, including the definition of a public authority under the GDPR, the appointment of a DPO, back-ups of personal data, GDPR registration, subject access requests (SARs), consent and personal data, reporting a personal data breach, and how medical records are affected by the right to erasure.
- MRC – Preparation for the implementation of the General Data Protection Regulation (GDPR): GDPR, Consent in Research and Confidentiality
The Medical Research Council guidance includes information for practices on requests to share personal data for research purposes, and on how consent and confidentiality fit into this under the GDPR.
- NASGP – Guidance for sessional GPs
The National Association of Sessional GPs guidance, aimed at sessional GPs but useful for everyone to read, covers who the GDPR applies to, the main changes from current data protection law, consent and lawful processing, transparency and fair processing, subject access requests, data breaches and DPIAs (Data Protection Impact Assessments). There is also information on the role of the DPO (Data Protection Officer) and the strengthening of patients’ rights, as well as two helpful scenarios on locum GPs accessing patient records. Our thanks to NASGP (https://www.nasgp.org.uk/) for allowing us to use this information.
The relevant section is on pages 17-21 of the NASGP guidance document.
Please remember to keep checking our website for further information.
Last updated: 19 Mar 2018