GDPR & Your Information

General Data Protection Regulation (GDPR)

You may have already heard about the General Data Protection Regulation (GDPR) which came into force on 25th May 2018. It’s a change to the law around data protection & personal information. In line with the regulation we are updating our privacy notices and access requests process, to reflect the new and strengthened rights in relation to your data and the legal grounds for using it.

Your Information and How We Use it

The new General Data Protection Regulation (GDPR) changes the way we use your information and the process we have for you to access your information. This page gives you all the information you need to understand how we will use and process your data and how you can access your information.

Privacy Notice

This notice will tell you how we will use your information

Subject Access Requests

As a data subject (a person we hold and process data for) you have a right to access the information we have about you.

To access this information you will need to complete a  Subject Access Request (SAR) form.  This form can be found in Other Forms/Leaflets & Information.  Once completed, you will need to bring the form to the surgery with two forms of identification. We require one piece of ID from each category below;

A – Passport, Driving Licence or Birth Certificate.

B – Utility bill, Bank statement, Medical card or similar.

In the rare circumstance that you do not have the above ID, there is a countersignature form that you can get completed by a professional person.

Once your ID has been verified your request is complete, we will provide your information within one calendar month. This will be provided via encrypted, password protected email.

There is no charge for this, however, if you require additional copies of the information or make excessive requests we do have the right to charge for these.

Consent for Children

If you have parental responsibility for a child up to the age of 12 you have full responsibility and full access to their records.

When your child turns 12 we suggest you contact the practice – there are a few options at this point.

From the age of 12, your child can come to consultations on their own provided the clinician is comfortable that the child is able to make their own decisions.

12-16-year-olds can also have their own online access but a clinician has to approve competency.  Assessment of Gillick competence requires an examination of how the child deals with the process of making a decision based on an analysis of the child’s ability to understand and assess risks. It is a high test of competence that is more difficult to satisfy the more complex the treatment and its outcomes become.

If a parent wants online access for a child aged 12-16 they must have signed consent from the child then the parent can have access to booking appointments and repeat medications but not the medical record.

If the parent wants access to the medical record we will need the child’s signed consent and a clinician will have to see the child to confirm this decision.


Our Data Controller is Dr Steve Lovisetto.

Our Data Protection Officer is Mr Paul Couldrey.