North Staffordshire LMC, Middleport Medical Centre, Newport Lane, Middleport, Stoke-on-Trent, ST6 3NPTel: 0300 365 0135
The BMA: GPs as data controllers under the GDPR
Dr Paul Cundy, GPC IT Policy Lead, has published a series of blogs (dropbox link) on the General Data Protection Regulation. He says "they are a narrative in nature and attempt to cover the questions (he) sees surfacing on the various email lists and other media. Their status should be of informed opinion. Facts are referred to as facts and opinions clearly identified and (he) hopes justified". The links below are accessible here for those people unable to access dropbox with kind permission from Dr CundY.
Blog 0: GDPR - where to start, in the beginning etc
Blog 1: GDPR for GPs from the IT lead for GPC
Blog 2: Background and scene setting
Blog 3: Data Protection Officers
Blog 4: Privacy notices
Blog 5: Texts and emails
Blog 6: Articles 6 and 9 deciphered
Blog 7: Subject Access Requests
Blog 8: Things to do list, plan, timetable
Blog 9: Fines
Blog 10: Erasure and Portability - NOT!
Blog 11: I'm an LMC - what's in it for me ?
Blog 13: Data Privacy Impact Assessment(s)
Blog 14: Data breaches
Blog 15: Documentation
Blog 16: Those you employ
Blog 17: Consent
The EU GDPR: The Key points for GPs by the Information Governance Alliance
Guidelines on Consent under Regulation 2016/679 (wp259) [adopted but still to be finalised]
Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is "likely to result in high risk" for the purposes of Regulation 2016/679
Guidelines on transparency under Regulation 2016/679
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Official Section 251 guidance Health Research Authority
DRAFT: Privacy Notice - Care Quality Commission
DRAFT: Privacy Notice - Direct Care - Emergencies
DRAFT: Privacy Notice - Direct Care - Routine care and referrals
DRAFT: Privacy Notice - LMCs
DRAFT: Privacy Notice - National screening programs
DRAFT: Privacy Notice - Payments
DRAFT: Privacy Notice - NHS Digital
DRAFT: Privacy Notice - Public Health
DRAFT: Privacy Notice - Research
DRAFT: Privacy Notice - Commissioning, Planning, Risk Stratification, Patient Identification
DRAFT: Privacy Notice - Safeguarding
Sample exemplary Practice Privacy Notice Dr Neil Bhatia
The UK Caldicott Guardian Council has produced this webpage with further information and guidance too.
This page last updated 22nd April 2018