National guidance

Various organisations have issued guidance to support GDPR implementation:

Information Governance Alliance – “The EU General Data Protection Regulation: The Key Points for GPs” provides succinct guidance for GP practices.  Click here to launch the document in a separate window.

Information Commissioners Office (ICO) – “Preparing for the General Data Protection Regulations (GDPR): 12 steps to take now” provides practical guidance as a check list. Click here to launch the document in a separate window.

The ICO has also issued guidance for small healthcare organisations which you may find useful:

NHS England – “Managing the Friends and Family Test (FFT) in line with GDPR” advises how GDPR impacts on how this is collected.  Click here to launch the document in a separate window.

British Medical Association – Medical records access & copying fees page has been updated as follows: “From the 25 May 2018, in most cases, patients must be given access to their medical records free of charge, including when a patient authorises access by a third party such as a solicitor. A ‘reasonable fee’ can be charged if the request is manifestly unfounded or excessive, however, these circumstances are likely to be rare. We are in the process of updating our guidance document ‘Access to Health records’[*] which will available shortly and will provide further details on this.” [*not available as of 16/5/18].

IPlato – The company have issued guidance/reassurance around using their product. Click here to launch the document in a new window.

GDPR Training

Data Protection Officer training
All practices have been invited to send their nominated Data Protection Officer to a 3 hour “Introduction to Data Protection Officer” session being held on 13th June in our Putney training room.  20 spaces in the morning and 20 in the afternoon. Please book through (Course being funded by Wandsworth CCG). 

Quality event – 14th June
Simon Lacey (Cyber Security & Information Governance Specialist) who has helped us develop our GDPR documentation will be presenting at the upcoming quality event on 14th June.  There will be a Question & Answer in his session, please take along any questions or concerns you may have.  Contact for more information.

Templates & documents

Updates to this page: 

Thursday 17th May (15:45pm). We have spoken with the ICO and have developed a DRAFT Data Mapping Register and cover sheet which is being checked.  Comments welcome.

Wednesday 16th May (13:15pm) The privacy notice (for your website) and a patient information leaflet (for reception) have now been updated and available for use.


Document Description Status
GDPR Checklist (v2) A check list of activities which demonstrates what you are doing to meet the GDPR requirements. FINAL VERSION. Please download and use. 
Data Protection Framework FINAL A framework which describes our approach to ensure GDPR compliance. FINAL VERSION. Please download and ensure all yellow sections are localised to your practice. 
Privacy Notice (for website) v1 A privacy notice which should be displayed on your website and waiting area. FINAL VERSION. Please download and ensure all yellow sections are localised to your practice. 
Data Map Guidance

Example Data Mapping Log

A list of information which the practice controls. DRAFT issued for comment. Guidance is still being sought, feedback welcome.
Screening Tool: DPIA Screening Questionnaire

Full Assessment:DPIA Form

Privacy Impact Screening questionnaire can be used to identify if a full assessment is required. Draft issued for comment.
GDPR a Guide for General Practice A practice manual (developed by Balham Park Surgery) to support practices embed GDPR. FINAL VERSION. Please download and use. 
The information we hold about you A4 GDPR awareness poster to be displayed in reception FINAL VERSION. Please download and use. 
Patient Information – for reception v1 Patient leaflet providing more information regarding GDPR. We have tried to keep to 2 pages for double-sided copying. FINAL VERSION. Please download and ensure all yellow sections are localised to your practice. 
Reception & Admin presentation A crib sheet for practices to present the salient points to their reception and admin team. To be issued. 

Please use the contact form (on right hand menu) if you have any queries or questions.

Many practices are already using iGPR EMIS software to assist with Third Party requests for redacted information.  If you are not, please see Key points of iGPR which highlights the product and iGPR Overview if you wish to activate the product.  (It’s free).