New Chapel Street Surgery

01633 485 155

General Data Protection Regulations

We respect your right to privacy and keep all your health information confidential and secure. It is important that NHS Wales keeps accurate and up-to-date records about your health and treatment so that those treating you can give you the best possible care.

Access to all records will be limited to the people caring for the patient, including medical secretaries. Sometimes other professionals involved in patient care will need access to the notes, but this will only be done with the express permission of the doctor.

We fully abide by GDPR, the Data Protection Act and Caldicott principals in the use of information.

Data Protection Policy

Practice Privacy Notice

Subject Access Request Form

NWSSP Legal & Risk Services (L&R) Updated Privacy Notice

What are you rights?

The General Data Protection Regulation (GDPR) 2016 determines how your personal data is processed and advises on how to keep this data safe. It also stipulates your rights when it comes to processing your data, dependent on the purpose and legal basis used.

There are 6 principles within the GDPR that organisations must adhere to when processing patient and staff data:

  • Must be processed lawfully, fairly and transparently
  • Collected for specific, explicit and legitimate purposes
  • Processed for limited purposes in line with why the data was collected
  • Data must be accurate and where necessary kept up to date
  • Held securely by the use of appropriate technical and organisation measures
  • Kept no longer than necessary for the purpose it was collected

There are 8 rights in total that patients and staff may exercise:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to object
  • Right to erasure
  • Right to restrict processing
  • Right to portability
  • Rights related to automated decision making and profiling

(Some rights are limited and there may be legitimate grounds that override these rights)

Should you want to exercise any of these rights in relation to the processing of your data, please complete the Practice individuals rights form and return this to the Practice Manager.

Privacy and Electronic Communications Regulations

The Privacy and Electronic Communications Regulations (PECR) sit alongside the data protection act and the GDPR.  They give people specific privacy rights in relation to electronic communications.

There are specific rules on:

  • Marketing calls, emails, texts and faxes;
  • Cookies (and similar technologies)

We use text messages for a variety of reasons:

  • Appointment reminders
  • Invitation to specific clinics, for example, flu vaccination or chronic disease if eligible;
  • General information, for example COVID-19 pandemic

We only use email communication as a way of replying to you with requested information or if we feel it is in the best interests of your care.

If you wish to opt out from ever receiving text messages, please contact the surgery and we will update your preferences.

Freedom of Information Disclosure Log

The Freedom of Information (FOI) disclosure log lists our responses to requests made under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 which we feel are of wider public interest.

Welsh GP Record

NHS Wales is making some changes to the way it uses patient information for care.

From autumn 2016 a digital summary of the information held in your GP record will be available to the doctors, nurses and registered health professionals looking after you when you in hospital.

It will help them to give quick, safe and quality care.

Vital information from your GP Record has been available for some time to support your care when the surgery is closed ‘out of hours’ or in an emergency.

But, until now those caring for you in hospital, during an outpatient appointment of in-patient stay, were not able to access the important information held by your GP straight away. This includes current medications, recent tests and allergies.

Only the healthcare professionals looking you can see your information, and only with your permission.  NHS Wales can check on who, when and how every record was looked at.

The Welsh GP Record is a summary of your full GP medical record. It contains your:

  • Name, address and contact details
  • Current medication and medication they have been prescribed in the last two years
  • Allergies or any adverse reactions
  • Current problems or diagnosis
  • Results of any recent tests they have had in the previous year, for example, blood tests and x-rays

It does not include any private discussions you may have had with your GP.


If you don’t want anyone other than your GP to see your records you can opt-out. You can do this by completing an opt-out form available from the surgery.

Patients are encouraged to talk with their GP before opting-out as it could make a difference to the care they receive. If a parent or guardian of a child under 16 does not wish their child to have a record, they can opt-out on their behalf, but should discuss this with their GP first.

Learn More:

All patient information will be treated in strict confidence.

Why does NHS Wales collect information about me?

Does NHS Wales store any information about me on computers?

How do I obtain further information, including health records?

Further Information

Patient Information Leaflets

Your Information, Your Rights: What you need to know

Your Information, Your Rights: What you need to know – Large Print