General Data Protection Regulations (GDPR)


With effect from 25th May 2018, the General Data Protection Regulations (GDPR) replaces the Data Protection Act (1995). This affects how we manage the information we hold about you, and your access to it. This notice is to make you aware of specific facts in this regard.


The information that we hold:

  • Name, Address, Date of Birth, Email Address, National Health Number, National Insurance Number and Telephone Contact Numbers.
  • Details of all consultations with Clinicians at this practice, together with any other practices you may have been registered with (permanently or temporarily) throughout your life.
  • Prescribed Medicines – whether regular repeat medication or acute medications throughout your life.
  • Administration contacts when these relate directly to your health.
  • All hospital letters regarding outpatient and inpatient contacts, and Accident and Emergency attendances at all hospitals – throughout your life.
  • Out of Hour Contacts – and details of all such consultations.
  • Correspondence with third party agencies, eg Department of Work and Pensions, Insurance companies, Employers.
  • Any other forms you have completed eg in relation to travel vaccination.
  • Copies of decisions you may have made in respect of eg Power of Attorney, Do Not Attempt CPR (Resus) – providing we have been made aware of such decisions.
  • If you have made a complaint against the practice – this information will be held securely and will NOT form part of your medical record, unless there is any aspect of the complaint that directly affects future care.
  • If you have behaved inappropriately or with aggression or violence towards any member of NHS staff this will be held on your medical record.

How/where your information is held:

  • Your original paper record which has followed you throughout your life from GP to GP is summarised to ensure your computer record holds essential details on your past health.
  • Your paper record is rarely used and is retained for reference purposes should there be any detailed enquiry (eg Insurance companies) about your past health.
  • Your computerised record will hold scanned images of all hospital letters we receive, together with electronically received results, letters, notifications from A&E or the Out of Hours Service, and third party agencies etc.
  • Copies of letters sent to hospitals, or third-party agencies (on your request).
  • Limited information is held securely within administration files for the purpose of providing information within the terms of the GP contract to secure NHS income to the practice for the continuation of primary care services.

This information is not identifiable to anyone outside of the NHS.


How we use this information:

Only in relation to the direct management of your health.

To respond to queries from third-party agencies (eg Insurance companies, Solicitors – at your request). Within the requirements of our contracted status in the NHS to provide information to secure appropriate levels of funding to continue providing health services within primary care.


Sharing this information:

  • As necessary with other health providers (NHS and/or private) in relation to referrals for additional care.
  • With pharmacies via prescriptions issued.
  • Anonymised data is shared with Public Health Wales to support health analysis and improvements to the NHS.
  • A&E, Out of Hours and other hospital departments have electronic access to restricted areas of your records to check significant medical history, medications, recorded allergies, recent pathology results – as necessary for your immediate or ongoing care.
  • Social Services and Police Departments when this is in the interest of public safety, or in the case of protection of a vulnerable adult or safeguarding of children.
  • Information Technology – the providers and maintenance of our clinical system will occasionally involve dial-in access – all of these engineers have been appropriately CRB checked and will have limited access to any individual medical records.
  • Carers – when these have formally completed the appropriate carer forms and we have a record of your request – carers are not entitled to your full lifelong records, they are only empowered to act on your behalf for issues that you are unable to deal with personally; and can only access records applicable to the period of time after they have signed as your carer.
  • Advocates or other family members/friends: Only as directed by you and with your signed authority.

Please Note: In an emergency, a healthcare professional may need to deal with someone representing you without obtaining your consent.