General Data Protection Regulation (GDPR)


Westcourt Medical Centre is continually working to comply with the General Data Protection Regulation which came into effect on 25th May 2018. We will reviewing how GDPR affects the way the surgery processes your personal data, including confidential health records. There is no deadline currently for GP practices to be fully compliant but there is an expectancy for surgeries to be actively working towards full compliance from 25th May 2018.

To ensure all patients at Westcourt are made aware of their rights under the new legislation, and so that the surgery meets its responsibilities under the GDPR, we will be adding information to this page as it becomes available to us and when centrally-approved by NHS England.

Various actions will occur over the coming months as part of the surgery working toward full GDPR compliance and we will let you know via posters/leaflets in the surgery, through our waiting room screens and on this website.

The eleven 'Privacy Notices' we have to display are available for you to download below, or we can provide hard copies for you at Reception.

We text those patients who have agreed to receiving appointment reminders, and other healthcare-related messages such as the Friends and Family Test feedback, on their mobile phones.

If you no longer want to receive any text reminders, you have the right to opt out. Please note that by opting out, it means you will not receive any texts from the practice, but you can opt in again at any time. Please let the practice know if you wish to opt out.


NHS 111 COVID-19 Triage response

Purpose – in order for NHS 111 to triage patient calls with queries regarding Covid-19 during practice closures or times of pressure on the system, enabling  the robust process for patients, potentially suffering with covid-19, to be triaged and treated in the most effective and appropriate way.

Legal Basis - The Secretary of State for Health and Social Care has issued NHS Digital with a Notice under Control of Patient Information Regulations (COPI). This allows NHS Digital to share patient information with organisations entitled to process this under COPI for COVID-19 purposes. This means that for GP Connect, NHSD are creating a single ‘National Sharing Agreement’ on the Spine that contains all GP practices in England.

Patients can opt out of their information being shared with GP Connect by contacting their GP practice and requesting a Type 1  Opt out.  Please note that opting out of having information shared may delay or impair the ability for urgent treatment.

Processor – NHS Digital, NHS 111  via GP Connect.

Treatment, Research & Planning

Purpose – for the collection of Personal confidential data regarding the diagnosis, testing, self-isolating, fitness to work, treatment medical and social interventions and recovery from Covid-19. To enable research and planning during the Covid-19 pandemic.

Legal Basis - Notice under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI), which were made under sections 60 (now section 251 of the NHS Act 2006) and 64 of the Health and Social Care Act 2001. Data will only be extracted for those patients who have consented to the process.

Provider - BioBank

 COVID-19 and Your Information


Purpose –The practice uses an internet-based telephony system that records telephone calls. Patients will have the right to decline recordings of calls as is their individual right. The calls will be held on the external server for a duration of 3 years unless requested for them to be removed sooner. The telephone system has been commissioned to assist with the high volume and management of calls into the surgery, which in turn will enable a better service to patients.

Legal Basis - While there is a robust contract in place with the processor, the surgery has undertaken this service to assist with the direct care of patients in a more efficient way.

Article 6 1 (e) Public Task

Article 9 2 (h) Health data

Provider – Surgery Connect – X-ON



01. Privacy Notice for Direct Care

02. Privacy Notice for Summary Care Record

03. Privacy Notice for NHS Digital

04. Privacy Notice for Public Health

05. Privacy Notice for Emergencies

06. Privacy Notice for Safeguarding

07. Privacy Notice for Commissioning, Risk Stratification etc.

08. Privacy Notice for Payments

09. Privacy Notice for CQC

10. Privacy Notice for National Screening Programmes

11. Privacy Notice for Research


GDPR Video

© Tree View Designs Ltd 2021