General Data Protection Regulation (GDPR)

From 25th May 2018, the Data Protection Act (1998) is being replaced by a new piece of legislation known as the General Data Protection Regulation (GDPR).  As part of this change, we have to display a privacy notice, which explains how we process the data that we hold on you.

You can download our Privacy Notice below for how we deal with your direct care, which is the most common way that we process your data. This notice is also displayed on our notice board in the main reception area.

NHS_Digital Privacy Notice 2021.pdf

If you want a copy of any of our privacy notices below that relate to the following data processing areas, you will need to email the practice at with your request.

  • The CQC
  • Emergencies
  • NHS Digital
  • Safeguarding
  • Payments
  • Public Health
  • Research
  • Risk Stratification
  • National Screening Programmes
  • Summary Care Records

Our nominated Data Protection Officer (DPO) is Dr Jonathan Edwards, one of the GP Partners. If you have any questions about how GDPR might affect you, please do contact the surgery and ask for a message to be put through to him.

Access to Records

In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager.  No information will be released without the patient consent unless we have legal obligations.

Freedom of Information

Under the Freedom of Information Act (, if you would like your medical records to be withheld from the “National NHS IT Spine” please inform us in writing.

You also have the right to know what information we hold about you. If you would like to see your records, please speak to one of our receptionists. We have a practice policy regarding your access to your medical records.

Confidentiality and Medical Records

We ask you for personal information so that you can receive appropriate care and treatment. This information is recorded electronically and we are registered under the Data Protection Act 1998 and comply with the GDPR regulations. The Practice will ensure that patient confidentiality is maintained at all times by the Central Team. However, for the effective functioning of a multi-disciplinary team (MDT), it is sometimes necessary that medical information about you is shared between members of the team those who are involved in a patient's direct care.  Where a patient wishes information not to be shared within the team providing direct care, then this must be discussed with a patient's GP.

Please note the Practice's policy is to record telephone calls for the purposes of patient and staff care, security and dispute resolution.  Recordings and their use will comply with the Practice's Data Protection registration.

General Data Protection Regulations

Click here for link to the ICO's website. 

Kingston Care Record - click here for information and a link to opt out.

National Data Opt-Out Programme- click here for information

Summary - NHS Digital has introduced a new tool that people can use to opt out of their confidential patient information being used for reasons other than their individual care and treatment. This has been available from 25 May 2018.

The National Data Opt-Out - NHS Digital has developed a new system to support the National Data Opt-Out which will give patients more control over how confidential patient information is used. The system offers patients and the public the opportunity to make an informed choice about whether they wish their confidential patient information to be used just for their individual care and treatment or also used for research and planning purposes.

Choosing to Opt-Out - Patients and the public who decide they do not want their confidential patient information used for planning and research purposes are able to set their national data opt-out choice online. NHS Digital provides a non-digital alternative for patients and the public who can't or don't want to use an online system. Individuals can change their mind at any time. Existing Type 2 opt-outs (the option for a patient to register with their GP, to prevent their confidential patient information leaving NHS Digital) will be converted to the new national data opt-out. Patients with type 2 opt-outs will be informed of this change individually.

To opt out please go to the following website: 

Control of patient information (COPI) notice

The health and social care system is taking action to manage and mitigate the spread and impact of the current outbreak of Covid-19. 

For more details regarding the purpose of this Notice can be found here

Medical Records Digitisation

This privacy notice covers information processed by Civica on behalf of Central Surgery.

This is in support of medical records digitisation.

As a practice we are on involved in digitalisation our paper based records. Civica is assisting us with collecting, transporting, scanning and destroying these records so that they are digitalised.

Medical records digitalisation - Privacy Notice.doc