What is GDPR?

The UK General Data Protection Regulation (UK GDPR) is part of the data protection landscape that includes the Data Protection Act 2018 (the DPA 2018). The UK GDPR sets out requirements for how organisations need to handle personal data.

What information does the UK GDPR apply to?

The UK GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. You can find more detail in the key definitions section of our Guide to the UK GDPR.

There are additional rules in the UK GDPR for organisations processing special category data. This includes information about an individual’s health.

What types of privacy data does the GDPR protect?

  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

Green lane surgery has its GDPR policy in place and follow the recommendations and mandatory requirements under the Data Protection Act 1998.

How we use your medical records

  • This practice handles medical records in-line with laws on data protection and confidentiality.
  • We share medical records with those who are involved in providing you with care and treatment. This is on a need to know basis and event by event.
  • In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill. We may also share medical records for conducting audits in order to improve patient care.
  • We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.
  • Data about you is used to manage national screening campaigns such as flu, cervical cytology, bowel cancer screening and diabetes prevention.
  • You have the right to be given a copy of your medical record.
  • You have the right to object to your medical records being shared with those who provide you with care.
  • You have the right to object to your information being used for medical research and to plan health services.
  • You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office.

 If you would like to see our full Practice Privacy Policy and GDPR Policy there is a copy at reception or you can speak to the Practice Manager.

Our practice is registered with iCO. Since 12th Feb 2003, Certificate number –Z7026921

Click on the links below for more detailed information on our policies:

GDPR Quick Information Chart

GDPR Privacy Notice

Subject Access Requests Information & Form

Data Protection Officer – Dr N. Teotia
Data Controller – Green Lane Surgery


We respect your right to privacy and to keep all information confidential and secure. It is important that the NHS keep accurate and up-to-date records about your health and treatment so that those treating you can give you the best possible care.

Identifiable information about you will be shared with others in the following circumstances:

  • To provide further medical treatment for you e.g. from District Nurses and Hospital Services
  • To help you get other services e.g. from the Social Work Department. This requires your consent.
  • When we have a duty to others e.g. in child protection cases.

Anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for Diabetic Care

Reception and Administration Staff require access to your medical records in order to do their work. These members of staff are bound by the same rules of confidentiality as the medical staff. We have an IT Policy in place and only authorised Staff can gain access to the computer system.

We comply fully with the Data Protection Act 1998 (click icon) and Freedom of Information Act 2000.

Change in your personal details

  • If you change your name, address or contact details (such as your telephone number or email address), please let us know as soon as possible so that we can update our records.
  • If you have registered for online access you can update your personal details securely using EMIS Access.  Click on the image below:

Our practice policies

Green Lane surgery has developed its own standard operating and management policies after considering regulations and procedures to be compliant with CQC guidance. All policies are available to all practice staff and stored on a common hard drive for east access for team members.

We have the following practice policies in place:

Accident reporting Anaphylaxis and Resuscitation Cancer care /End of life Care of elderly
Cervical screening Chaperone Code of Conduct Consent
General Cleaning Confidentiality Consent & MH Disinfection
Duty of candour Ear syringing Electrical safety Fire  risk and Safety
GOSHH Hep B Infection control Vaccine management
HIV and Aids Instrument and testing and Calibration Needle Stick injury Oxygen use
Patient records GDPR Premises safety Safeguarding
Data shredding Waste management Health and Safety IT and Data management
Business continuity plan Employment