Individual Rights

The UK General Data Protection Regulation (UK GDPR) 2016 determines how your personal data is processed and advises on how to keep this data safe. It also stipulates your rights when it comes to processing your data, dependent on the purpose and legal basis used. 

There are 6 principles within UK GDPR that organisations must adhere to when processing patient and staff data

• Must be processed lawfully, fairly and transparently
• Collected for specific, explicit and legitimate purposes
• Processed for limited purposes in line with why the data was collected
• Data must be accurate and where necessary kept up to date
• Held securely by the use of appropriate technical and organisation measures
• Kept no longer than necessary for the purpose it was collected

There are 8 rights in total that patients and staff may exercise

• Right to be informed
• Right of access
• Right to rectification
• Right to object
• Right to erasure
• Right to restrict processing
• Right to portability
• Rights related to automated decision making and profiling

(Some rights are limited and there may be legitimate grounds that override these rights)

Please refer to the guide on Individual Rights for full information.

Should you want to exercise any of these rights in relation to the processing of your data, please complete the Practice individuals rights form and return this to – Ann Brown Practice Manager

Abercynon Medical Centre
Ynysmeurig Road
Abercynon
R C T
CF45 4YB