
General Data Protection Regulation (GDPR): How we use your information

Data Protection Law has changed

On the 25th May 2018 the General Data Protection Regulation, known as GDPR, came into effect. GDPR imposes additional obligations on organisations and gives you extra rights around how your data is used.

Thames Avenue Surgery ask you for information about yourself so that we can give you appropriate care and treatment.   This information is kept, together with details of the care you have received, because it may be needed if we have to see you again.   

Your information is not only used to guide and administer the care you receive, it is also used to help look after the health of the general public, to audit NHS services, to investigate complaints and to make sure our services can meet patient needs in the future.  

Everyone working for the NHS has a legal duty to keep your information confidential, and anyone who receives that information from us is also under a legal duty to keep it confidential.


We have now published new Privacy Notices to give you more information on the data we hold on you, what we do with that data, who we share your data with and your new rights under the GDPR.    

You can view our Privacy Notices here or alternatively you can request a copy from us directly:-

Direct Care (Routine Care and Referrals) Privacy Notice

COVID-19 Privacy Notice

GP Practice Transparency Notice for GPES Data for Pandemic Planning and Research (COVID-19)

Direct Care (Emergencies) Privacy Notice

Summary Care Record Privacy Notice

National Screening Programme Privacy Notice

Public Health Privacy Notice

Research Privacy Notice

Care Quality Commission Privacy Notice

Payments Privacy Notice

NHS Digital Privacy Notice

Commissioning, Planning, Risk Stratification & Patient Identification Privacy Notice

Safeguarding Privacy Notice


Data Protection Impact Assessment (DPIA)

The DPIA is the most efficient way for Thames Avenue Surgery to meet its data protection obligations and the expectations of its data subjects.  

In accordance with Article 35 of the GDPR, a DPIA should be undertaken where:

  • A type of processing, in particular one using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons. The controller shall then, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.
  • Extensive processing activities are undertaken, including large-scale processing of personal and/or special data

DPIAs are to include the following:

  • A description of the process, including the purpose
  • An evaluation of the need for the processing in relation to the purpose
  • An assessment of the associated risks to the data subjects
  • Existing measures to mitigate and control the risk(s)
  • Evidence of compliance in relation to risk control

It is considered best practice to undertake DPIAs for existing processing procedures to ensure that Thames Avenue Surgery meets its data protection obligations.  DPIAs are classed as “live documents” and processes should be reviewed continually.  As a minimum, a DPIA should be reviewed every three years or whenever there is a change in a process that involves personal data.     

Publishing our DPIAs helps to foster trust in our handling of personal data and demonstrates accountability and transparency. You can view our DPIAs below or request a copy from us directly.

DPIA_MEDICAL INTEROPERABILITY GATEWAY

DPIA_VISTA

DPIA_DIABETIC EYE SCREENING

DPIA_BIOBANK


