What is the UK GDPR? The Data Protection Act?
The UK GDPR (General Data Protection Act) is part of the law that everyone using personal data about people (data subjects) in the UK is required to comply with. The Data Protection Act is another part; there are other laws but these two are the most relevant to the practice. Under these laws we are required to handle your information according to six data protection “Principles”, which require that your information is:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary
- Processed in a manner that ensures appropriate security
The following documents provide information relating to how the practice uses your information and explain how we meet the principles: