The most recent General Data Protection Regulation (GDPR) came into force on 25 May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
In general, employers will be responsible for Interpreting and applying these obligations (though there are responsibilities on individual employees) but for those surgeons in part-time or whole-time private practice, there will be an individual obligation to ensure data is held in accordance with the regulations.
This document provides guidance as to how individual practitioners could ensure that their private practice is compliant with the regulations. We have drawn heavily on the work of the Data Protection Working Group of the ICGP who have produced an excellent set of guidelines as a service to GPs and their patients.
