General Data Protection Regulation

Bartlett Group Practice and the GDPR

The General Data Protection Regulation (GDPR), in force from 25th May 2018, requires the practice to set out how we process, and keep safe, personal data, including sensitive health records.

You can find out more about the GDPR here:



Key Policies

You have the right to both:

  • Opt out of any of the data sharing schemes
  • Opt back into any of the data sharing schemes(that you may have already opted out of)


Access to your medical record (the Right of Access)

You have the right to get a copy of information that is held about you.

This is known as a subject access request.


Please note:

  • You will shortly be able to sign up for Secure Online Access to your full GP electronic record.
  • You can then look at your medical record whenever you want.

If you do wish to make a subject access request then:

  • You can do this in writing (letter, email, fax)
  • You can download and fill in this form if easier –
  • You can make such a request verbally to a member of staff or a doctor or nurse that you are consulting with at the surgery

Please let us know exactly what information you would like.

We will provide the information within 28 calendar days.

There is usually no fee for this.


Mobile Phone Numbers and Email Addresses

We ask all our patients to provide us with their mobile phone numbers and their email address, if they have them and should they so wish.

We use your mobile phone number in two ways:

  • to contact you, as an alternative to your landline number
  • to send you SMS text messages

The texts that we send are only ever related to your medical care – for example, reminding you of a forthcoming appointment at the surgery or an invitation for a check-up or immunisations. We do not use SMS for direct marketing in any way.

If you would prefer us not to ring you on your mobile phone then please say so and we will either not add your mobile phone number to your record, or remove any existing mobile phone number.

If you would prefer us not to send you SMS text messages – but you are happy for us to ring you on your mobile phone (when needed) – then please say so and we will mark your record as “no SMS text messages”.

We occasionally use email to communicate with our patients, again for matters related to your direct medical care.

Unless you have separately given us your explicit consent, we will not email you for non-medical matters (such as surgery newsletters and other information).

If you would prefer us not to email you then please say so and we will either not add your email address to your record, or remove any existing email address


Fair Processing Notice

This notice explains why the Practice collects information about you, how we keep it safe and confidential, and how that information may be used.


How we use your information

 We collect and hold data about you for the purpose of providing safe and effective healthcare

Data Protection Officer (DPO)

Laura Taw (GP IG Manager and Data Protection Officer (DPO) for GP Practices within Surrey Heath) has been designated as the Data Protection Officer for the Practice - Email:



If you have concerns or are unhappy about the handling of your information, please contact the Operations Manager, Wendy Foster at . Details of how to complain are on our website, or available in surgery.

For independent advice about data protection, privacy, and data sharing issues, you have the right to complain to the Information Commissioner’s Office. 


or call their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)


Further Information

If you would like any further information about primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing or your medical records, then please do contact the Practice.