Data Protection

The practice is fully computerised and the confidential information held on computer is covered by the Data Protection Act.

The Data Protection Act 1998 governs the use of personal information through data protection principles. These principles require that personal information is:

  • Processed fairly and lawfully
  • Processed for one or more specified and lawful purpose, and not further processed in any way that is incompatible with the original purpose
  • Adequate, relevant and not excessive
  • Accurate and, where necessary, kept up to date
  • Kept for no longer than is necessary for the purpose for which it is being used
  • Processed in line with an individual’s rights
  • Kept secure with appropriate technical and organisational measures taken to protect the information
  • Not transferred outside the European Economic Area (the European member states plus Norway, Iceland and Lichtenstein) unless there is adequate protection for the personal information being transferred

As we process personal information covered by the act, our staff comply with the data protection principles.