Data Protection Law changed as from 25th May 2018 – please see our Privacy Notices to give you more information on the data we hold on you, what we do with that data, who we share your data with and your new rights under GDPR.

How we use your information

On the 25th May 2018 the General Data Protection Regulation, known as GDPR came into effect.   GDPR imposes additional obligations on organisations and gives you extra rights around how your data is used.

Thames Avenue Surgery ask you for information about yourself so that we can give you appropriate care and treatment.   This information is kept, together with details of the care you have received, because it may be needed if we have to see you again.

Your information is not only used to guide and administer the care you receive, it is also used to help look after the health of the general public, to audit NHS services, to investigate complaints and to make sure our services can meet patient needs in the future.

Everyone working for the NHS has a legal duty to keep your information confidential and anyone who receives that information from us is also under a legal duty to keep it confidential too.

We have now published new Privacy Notices to give you more information on the data we hold on you, what we do with that data, who we share your data with and your new rights under the GDPR.

You can view our Privacy Notices and Processing Activities here or alternatively you can request a copy from us directly:-

Direct Care (Routine Care and Referrals) Privacy Notice

COVID-19 Privacy Notice

GP Practice Transparency Notice for GPES Data for Pandemic Planning and Research (COVID-19)

Direct Care (Emergencies) Privacy Notice

Summary Care Record Privacy Notice

National Screening Programme Privacy Notice

Public Health Privacy Notice

GP Planning and Research Privacy Notice

Care Quality Commission Privacy Notice

Payments Privacy Notice

NHS Digital Privacy Notice

Commissioning Planning Risk Stratification & Patient Identification Privacy Notice

Safeguarding Privacy Notice

Data Protection Privacy Notice

Human Resources Privacy Notice

GP Statutory Disclosures Privacy Notice

Processing Activities

Data Protection Impact Assessment (DPIA)

The DPIA is the most efficient way for Thames Avenue Surgery to meet its data protection obligations and the expectations of its data subjects.

In accordance with Article 35 of the GDPR, DPIA should be undertaken where:

  • A type of processing, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons; then the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.
  • Extensive processing activities are undertaken, including large-scale processing of personal and/or special data

DPIAs are to include the following:

  • A description of the process, including the purpose
  • An evaluation of the need for the processing in relation to the purpose
  • An assessment of the associated risks to the data subjects
  • Existing measures to mitigate and control the risk(s)
  • Evidence of compliance in relation to risk control

It is considered best practice to undertake DPIAs for existing processing procedures to ensure that Thames Avenue Surgery meets its data protection obligations.  DPIAs are classed as “live documents” and processes should be reviewed continually.  As a minimum, a DPIA should be reviewed every three years or whenever there is a change in a process that involves personal data.

Publishing of our DPIAs help to foster trust in your handling of personal data, and demonstrate accountability and transparency.  You can view our DPIA’s below or request a copy from us directly.








If you wish to opt your data out of the NHS Digital GP Data for Planning and Research, please download this form and email, post or hand in to the surgery:

Type1 Optout form

Summary Care Record

There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.

Why do I need a Summary Care Record?

Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.

This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.

Who can see it?

Only healthcare staff involved in your care can see your Summary Care Record.

How do I know if I have one?

Over half of the population of England now have a Summary Care Record. You can find out whether Summary Care Records have come to your area by looking at our interactive map or by asking your GP

Do I have to have one?

No, it is not compulsory. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery. You can use the form at the foot of this page.

More Information

For further information visit the NHS Care records website

Download the opt out form >>>>