General Data Protection Regulation
Information about how 'A Forward Step' collects, stores and processes
your data in line with current legislation.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of the wider package of reform to the data protection landscape that includes the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data since 25 May 2018. 'A Forward Step' strives to be fully GDPR compliant.
Accessing your data.
As a client
of 'A Forward Step', we may hold details about you in our records. The information we hold may be in paper form, electronic form or a combination of both. This information may include the following:
• Details about you, such as your address, legal representative, emergency contact details.
• Any contact the practice has had with you, including telephone calls, emails and appointments.
• Notes and reports about your health.
• Details about your treatment and care.
• Relevant information from other health professionals, relatives or those who care for you.
With regard to non-clients
ie. individuals who make a telephone enquiry but who do not become a client, please be aware that we do not make notes during the call, nor do we store your personal information. If your initial enquiry is made via the website email link, the message is deleted from the server after one month if you do not become a client. This is an extra step that we are taking for your personal protection and security.
How we look after your data.
We are bound by legislation and certain standards to ensure we handle and process your data correctly. These include:
• Data Protection Act 2018
• Human Rights Act 1998
• Health and Social Care Act 2012
• NHS Codes of Confidentiality and Information Security
• HCPC’s Standards of conduct, performance and ethics
• BPS’s Code of Ethics and Standards 2018
Sharing of your data.
In order for 'A Forward Step' to provide you with the best level of care and treatment, it may be appropriate to liaise with and share data between certain other organisations. We will seek your expressed permission to do so, and with a clear understanding of what data will be shared and under what circumstances. Some of the third parties that we may liaise with include (but is not limited to):
• NHS Trusts / Foundation Trusts
• GPs
• NHS Commissioning Support Units
• Private Sector Providers
• Voluntary Sector Providers
• Clinical Commissioning Groups
• Social Care Services
• Local Authorities
• Education Services
• Police & Judicial Services
The clinicians at 'A Forward Step' have a duty of care
to contact outside agencies without your permission if information you provide to us suggests that you or another person are either a danger to yourself, or a danger to others. Likely agencies would be GPs, Social Care Services and the Police, or others as appropriate. When safe to do so, our clinicians will inform you when they are acting on their duty of care, and who they are sharing the information with.
What are my rights under GDPR?
The GDPR provides the following rights for individuals:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling
Full details and explanations of each of these rights can be found at https://ico.org.uk/your-data-matters/
I wish to raise an objection / I have a complaint.
Should you have any concerns about how your information is managed by us, please contact the us directly and we will do what we can to address your concerns. If you are still unhappy, you can then complain to the Information Commissioners Office (ICO) via their website (www.ico.org.uk).
My circumstances have changed / There is an error in the information you have about me.
It is important that you tell us if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
Disclaimer.
The Data Protection Act 2018 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
This information is publicly available on the Information Commissioners Office website www.ico.org.uk
'A Forward Step' is registered with the Information Commissioners Office (ICO). Our registration number is ZA533642. Dr Paul Farrington is listed as the data protection officer for 'A Forward Step'.
This page was last updated on: 18th July 2019.
