General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the EU. The GDPR aims to give control to citizens and residents over their personal data and becomes enforceable from 25th May 2018.

The GDPR supersedes the Data Protection directive 1995 and includes the following rights for individuals:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making including profiling

No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent.  Permission can be withdrawn at any time.

Under GDPR, Castleford Medical Practice must clearly disclose what data is being collected and how, why it is being processed, how long it is being retained, and if it is being shared with any third-parties. Patients have the right to request a copy of the data collected and the right to have their data erased under certain circumstances. 

Please follow the below links for further information.