The General Data Protection Regulation (GDPR) is an EU Regulation which will be directly applicable in the UK on 25 May 2018. 

The NIGPC IT team have put together a number of resources you may find helpful in getting up to speed and preparing for the new regulations.

To access the full collection of resources you will need to login and go to the Guidance Section of the NILMC website


What you need to know - Basics

The GDPR and Data Protection Act 2018 replace the Data Protection Act 1998 with an updated and strengthened data protection framework, however, the key principles of the original Act remain unchanged. The most relevant changes for GPs in their role as data controllers are highlighted in the box below.

Screen-Shot-2018-04-03-at-22.14.53.png#asset:811

The BMA guidance below explains GP data controllers' responsibilities under the GDPR, and sets out the main themes of the legislation and what needs to be done to ensure compliance. 

The principles in the BMA guidance apply to doctors working in private practice or other NHS healthcare settings.

GPs Access the full guidance - BMA GPs as data controllers under the GDPR 


 NIGPC ICT Resource Folder

The NIGPC ICT lead - Dr Michael McKenna - Has kindly collated a collection of resources relating to GDPR including:

UK GPC presentations / Official GDPR Guidance / Sample practice Privacy notices / Guidance form the information governance alliance / Template privacy notices / The full GPC IT Lead Blog collection on GDPR / BMA Guidance document on GDPR

This can be found on the Guidance Section

To access this you will need to register to the NILMC website and be a member of a LMC 


GPC IT GDPR Blogs

A very helpful series of blogs on GDPR from Dr Paul Cundy (GPC IT Lead) - has been republished with permission on the NILMC site

GDPR for GPs from the IT Lead for GPC - Part 1

GDPR for GPs - Part 2 - the Data Protection Officer 

the full series can be found in the resource folder in the  Guidance Section


FAQs from the Information Commissioner's Office

You can read FAQs from the Information Commissioner's Office covering; What is the GDPR? / What information does the GDPR apply to? / the need to appoint a data protection officer (DPO)? and more

Here