General Data Protection Regulation (GDPR)
You may have already heard about the General Data Protection Regulation (GDPR) which came into force on 25th May 2018. It's a change to the law around data protection & personal information. In line with the regulation we are updating our privacy notices and access requests process, to reflect the new and strengthened rights in relation to your data and the legal grounds for using it.
Your Information and How we Use it
The new General Data Protection Regulation (GDPR) changes the way we use your information and the process we have for you to access your information. This page gives you all the information you need to understand how we will use and process your data and how you can access your information.
These notices will tell you how we will use your information
Patient Care Privacy Notice
Subject Access Requests
As a data subject ( a person we hold and process data for) you have a right to access the information we have about you.
To access this information you will need to complete a Subject Access Request form. This form can be accessed by clicking the form below. Once completed the form can be brought to any of our surgeries or you can email it to To complete your request you will need to provide us with ID verification ( this is whether you bring in your form, email it or a third party such as a solicitor requests it). We require one piece of ID from each category as below;
A - Passport, Driving Licence or Birth Certificate
B - Utility bill, Bank statement, Medical card or similar
In the rare circumstance that you do not have the above ID there is a countersignature form that you can get completed by a professional person.
Subject Access Request Form
Once your ID has been verified your request is complete, we will provide your information within one calendar month. This will be provided on an encrypted disc unless you request an alternative form.
There is no charge for this, however if you require additional copies of the information or make excessive requests we do have the right to charge for these.
Consent for Children
If you have parental responsibility for a child up to the age of 12 you have full responsibility and full access to their records.
When your child turns 12 we suggest you contact the practice - there are a few options at this point.
From the age of 12 your child can come to consultations on their own provided the clinician is comfortable that the child is able to make their own decisions.
12-16 year olds can also have their own online access but a clinician has to approve competency.
If a parent wants online access for a child aged 12-16 they must have a signed consent from the child then the parent can have access to booking appointments and repeat medications but NOT the medical record.
If the parent wants access to the medical record we will need the child’s signed consent and a clinician will have to see the child to confirm this decision.
BMC Patient SystmOnline Request Form.pdf
BMC Proxy Access to GP online services Form.pdf
Our Data Controller is Dr Steve Lovisetto
Our Data Protection Officer is Mrs Stephanie Drury