GDPR, Your Rights & Access to Record
What is GDPR?
General Data Protection Regulation (GDPR) is a piece of legislation that seeks to harmonise the way that data protection laws are applied across member states of the European Union. This new legislation will replace the current Data Protection Act 1998 as from Friday 25 May 2018 and creates tougher penalties for non-compliance than under the Data Protection Act 1998.
Your Rights, including Access to Records Held by the Trust
From the 25th May 2018 the General Data Protection Regulation extends the rights of individuals, dependent on the legal basis of processing.
If you wish to exercise your rights we will need your request in writing together with relevant identification documentation, which must be sent to: firstname.lastname@example.org
We will either complete your request within 30 calendar days or write to you to explain if there are grounds to refuse the request or advise of an extension of no more than an additional 60 calendar days.
The Rights explained
The right to be informed; Individuals have a right to know how their personal data is going to be used by the Trust. In most cases this information should be included in a privacy notice that is made available at the point personal data is captured.
The right of access; Individuals have a right to be informed if their personal data is being processed and if so, to request a copy. Individuals or their representatives making an application for access to the records held by the Trust may use the Trust’s form to make their request, which will guide the requester through the process including what additional data is required with the application.
The right to rectification; Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If we have disclosed the personal data in question to third parties, we will inform them of the rectification where possible. We will also inform individuals if we have disclosed their personal data to any third parties if appropriate.
The right to erasure; Individuals now have the right to erasure, which is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason to keep it.
The right to restrict processing; Individuals may request that the processing of their personal data is restricted. When processing is restricted, we will continue to store the personal data, but we will not further process it.
The right to data portability; The right to data portability allows individuals to obtain and reuse any personal data that they supply to the Trust in an electronic format.
The right to object; Individuals have the right to object to processing which is only lawful on certain legal grounds. They may also object to direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics.
Rights in relation to automated decision making and profiling; Individuals have the right not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on the individual. Individuals also have the right to request the logic which underpins any automated decisions made about them.
Further Access Rights Legislation
In all cases, access to record held by the Trust can be applied for by using the Trust’s application form to providing the same level of detail in writing and providing copies of relevant documents.
Access to Health Records Act 1990; in regard to deceased patients, the Act allows the patient’s personal representative and any person who may have a claim arising out of the patient’s death to submit an application, unless there is any reason to withhold the data, such as potential to cause serious harm. In all cases you will be required to provide copies of relevant authority such as a copy of the Will or letters of administration.
Access to Medical Reports Act 1988; allows individuals to see medical reports written about them, for employment or insurance purposes, by a doctor or clinician who they usually see in a ‘normal’ doctor/patient capacity. This right can be exercised either before, or after, the report is sent.
If you have any complaint about the service provided in relation to your request please contact the Trust’s Patient Advice and Liaison Service, Tel: 01208 834620. The Information Commissioner’s Office is the regulatory authority for Data Protection and you may also take any complaint direct to them, link: https://ico.org.uk/concerns/