Login | Text size A A A | Text version

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

Did you know the law is changing and soon? With effect from 25 May 2018, the GDPR will replace the Data Protection Act.

Key changes:

  • Consent to share information outside of healthcare has to be explicit
  • We are required to appoint a Data Protection Officer to monitor compliance with the regulation
  • Larger fines for data breaches – up to €20 million
  • Less time to respond to a subject access request
  • More rights for data subjects (patients, staff and the public)

How are we preparing for the change?

  • Awareness presentations have been carried out for our staff at team meetings
  • A working party has reviewed the changes and is ensuring that we are compliant by May 2018

What do you need to know?

Following the principles within the GDPR, MCH processes your data for purposes of:

  • provision of health or social care or treatment
  • medical diagnosis
  • preventative or occupational medicine
  • management of health or social care systems and services, carried out by, or under the supervision of health professional or another person, who in the circumstances owes a duty of confidentiality under an enactment or rule of law

Our privacy notice is available on our website https://www.medwaycommunityhealthcare.nhs.uk/privacy/

If you would like to view or request a copy of your patient record, please contact MCH Governance team via email medch.dataprotection@nhs.net or telephone 01634 334640. In most instances this service is free and we aim to provide the requested information within 30 days. More information can be found by visiting: