The Data Protection Act 1998 / Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) impose obligations on the use of all personal data held by Macklin Street Surgery, whether it relates to patients and their families, employees, complainants, contractors or any other individual who comes into contact with the organisation. This has implications for every part of the organisation.
The Practice also has a duty to comply with guidance issued by the Department of Health, the NHS Executive, NHS Digital and the NHS Information Governance Alliance, with the specific requirements of the Information Governance (IG) Toolkit (from April 2018 the NHS Digital Data Security and Protections Assurance Toolkit), and with guidance issued by professional bodies.
The Practice and its employees are bound by a legal duty of confidentiality to all patients, which can only be set aside to meet an overriding public interest, legal obligation, or similar duty.
The DPA and GDPR apply to all staff, contractors and volunteers working for the Practice. Macklin Street Surgery is a Data Controller, as defined in Article 3 (7) of the GDPR and Section 1 of the DPA, and is obliged to ensure that all the Data Protection requirements are implemented.
The Practice must meet the requirements of Article 5 (1) of the GDPR and be able to demonstrate compliance with those requirements (Article 5(2)).