Data Protection

New General Data Protection Regulations - May 2018

The Practice is registered with the Information Commissioner under the Data Protection Act. The information we hold on our patients will only be disclosed to authorised individuals for the purposes of Health Administration and Services.

The staff at Fforestfach Medical Centre take your confidentiality very seriously and are bound by the same code of confidentially as the doctors. You can reduce the risk of compromising your medical record by not asking others to telephone us on your behalf.

You do have a reasonable right to access your medical record.

The Surgery is deemed to be a public authority under the Freedom of Information Act 2000.

For training and quality purposes we record all calls to and from the surgery.

We have CCTV for crime prevention and detection purposes.



GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:

  • Practices must comply with subject access requests
  • Where we needs your consent to process data, this consent must be freely given, specific, informed and unambiguous
  • There are new, special protections for patient data
  • The Information Commissioner’s Office must be notified within 72 hours of a data breach
  • Higher fines for data breaches – up to 20 million euros


What is ‘patient data’?

Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc. 

What is consent?

Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.

The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.

Individuals also have the right to withdraw their consent at any time.


People to contact regarding Data Protection matters:


Practice Manager/IG Lead – Katherine Morgan

IG Support – Marie Isaac

Caldicott Guardian – Dr JOJ Powell / Dr D Bensusan

Data Controllers – GP Partners

Data Processors – All staff


NHS WalesThis site is brought to you by My Surgery Website