
Noticeboard

GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]

Superseding the Data Protection Directive, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or unless the data controller or processor has received explicit, opt-in consent from the data's owner. The data owner has the right to revoke this permission at any time.

A processor of personal data must clearly disclose any data collection, declare the lawful basis and purpose for data processing, and state how long data is being retained and whether it is being shared with any third parties or outside of the EU.

Users have the right to request a portable copy of the data collected by a processor in a common format, and the right to have their data erased under certain circumstances.

Public authorities, and businesses whose core activities centre around regular or systematic processing of personal data, are required to employ a data protection officer (DPO), who is responsible for managing compliance with the GDPR. 

GDPR Poster May 2018

The Data Protection Officer for all Warrington practices is:

Mr Craig Walker

Head of Information Governance and Quality Assurance & Data Protection Officer

St Helens & Knowsley Teaching Hospital Trust

Health Informatics Services

Alexandra Business Park

Prescot Road

St Helens

WA10 3TP

Tel: 0151 676 5698

Email: IG@sthk.nhs.uk

Please click on the link/s below to access our notices and leaflets:

Children's Privacy Notice

Children's Privacy Leaflet

Patients Privacy Notice

Patients Privacy Leaflet
