Data Protection Policy

Data Protection Policy

We wish to inform all our patients that this practice complies fully with the new General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA17)

You can read our Data Protection Policy here or ask a member of reception team for a copy of our policy. Alternatively request to speak with Dr Ilias Tzampazis the practice owner and registered manager.

1. General

The practice collects, holds, processes and shares personal data in accordance with the provisions of the General Data Protection Regulation and the Data Protection Act 2018. We have carried out and will review as appropriate, a Data Audit.

This Policy applies to personal data in the following categories:

2. Data Protection Principles

We shall ensure that Personal Data, including Special Data (health) will be:

3. Lawful Basis

Data will be held and processed under the following Lawful Basis:

We will additionally secure the specific consent of patients for the provision of electronic communication under the Privacy and Electronic Communication Regulations 2011.

4. Data Subjects’ Rights

We will ensure that the rights of Data Subjects are respected and maintained by:

5. Subject Access Requests

All data subjects may submit a request to be informed of the data we hold about them, its lawful basis and from whom it is/was obtained and to whom it may be disclosed. We will provide this information without charge and as soon as is reasonably possible and in any event within one month of a valid request being received. Access requests should be addressed (or forwarded without delay) to Ilias Tzampazis.

6. Training and Compliance

We will ensure that all staff are aware of their duty of strict confidentiality regarding personal data, both professional and under the Data Protection law. We will provide training and assure compliance and will review and refresh training on a regular basis.

It is a condition of continuing employment that all staff are aware of, sign their acceptance of, and comply with, their obligations under this Policy. Any queries or concerns must be immediately addressed to Ilias Tzampazis. A breach of this Policy may amount to misconduct and result in disciplinary action. Serious or persistent breaches may result in dismissal.

7. Security of Data

The practice will publish and maintain an Information Security policy to assure against any loss, damage, unlawful disclosure or non-compliant erasure of data. All staff will be trained and advised of their obligations under this Policy.

Version 1, May 2018, Review due May 2019