General Data Protection Regulation
Bartlett Group Practice and the GDPR
The General Data Protection Regulation (GDPR), in force from 25th May 2018, requires the practice to set out how we process, and keep safe, personal data, including sensitive health records.
You can find out more about the GDPR here:
- IM&T 14 Data Security & Data Breach Policy V1.0
- BGP DPIA template guidance v1.0
- IM&T16 BGP Data Security and Toolkit Guidance Policy
- IMT19 – Individual Rights Policy v1.0
- Our Right to Object Policy
You have the right to both:
- Opt out of any of the data sharing schemes
- Opt back into any of the data sharing schemes(that you may have already opted out of)
Access to your medical record (the Right of Access)
You have the right to get a copy of information that is held about you.
This is known as a subject access request.
- You will shortly be able to sign up for Secure Online Access to your full GP electronic record.
- You can then look at your medical record whenever you want.
If you do wish to make a subject access request then:
- You can do this in writing (letter, email, fax)
- You can download and fill in this form if easier –
- You can make such a request verbally to a member of staff or a doctor or nurse that you are consulting with at the surgery
Please let us know exactly what information you would like.
We will provide the information within 28 calendar days.
There is usually no fee for this (from 25th May).
Mobile Phone Numbers and Email Addresses
We ask all our patients to provide us with their mobile phone numbers and their email address, if they have them and should they so wish.
We use your mobile phone number in two ways:
- to contact you, as an alternative to your landline number
- to send you SMS text messages
The texts that we send are only ever related to your medical care – for example, reminding you of a forthcoming appointment at the surgery or an invitation for a check-up or immunisations. We do not use SMS for direct marketing in any way.
If you would prefer us not to ring you on your mobile phone then please say so and we will either not add your mobile phone number to your record, or remove any existing mobile phone number.
If you would prefer us not to send you SMS text messages – but you are happy for us to ring you on your mobile phone (when needed) – then please say so and we will mark your record as “no SMS text messages”.
We occasionally use email to communicate with our patients, again for matters related to your direct medical care.
Unless you have separately given us your explicit consent, we will not email you for non-medical matters (such as surgery newsletters and other information).
If you would prefer us not to email you then please say so and we will either not add your email address to your record, or remove any existing email address
Fair Processing Notice
This notice explains why the Practice collects information about you, how we keep it safe and confidential, and how that information may be used.
How we use your information
We collect and hold data about you for the purpose of providing safe and effective healthcare
- This practice handles information in-line with laws on data protection and confidentiality.
- We share information with those who are involved in providing you with care and treatment.
- In some circumstances we will also share information for medical research, for example to find out more about why people get ill.
- We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.
- You have the right to be given a copy of your medical record.
- If you are happy with how we use your information you do not need to do anything
- You have the right to object to your information being shared with those who provide you with care.
- You have the right to object to your information being used for medical research and to plan health services.
- You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office. Please see the practice privacy notice on the website or speak to a member of staff for more information about your rights.
- For more information ask at reception for a leaflet OR visit our website www.bartlettgrouppractice.co.uk
- Basic Privacy Notice Adults
- Basic Privacy Notice Children
- BGP General Privacy Notice V8 Mar20
- Privacy Notice – Direct Care v6.0 Mar20
- How the NHS and Care services use your information
Data Protection Officer (DPO)
Lucy Hunt (GP IG Manager and Data Protection Officer (DPO) for GP Practices within Surrey Heath) has been designated as the Data Protection Officer for the Practice
If you have concerns or are unhappy about the handling of your information, please contact the Business Manager, Ian Friend at firstname.lastname@example.org . Details of how to complain are on our website, or available in surgery.
For independent advice about data protection, privacy, and data sharing issues, you have the right to complain to the Information Commissioner’s Office.
or call their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
If you would like any further information about primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing or your medical records, then please do contact the Practice.