General Data Protection Regulation (GDPR) 2018 (replacing ‘Data Protection Act 1998)
The General Data Protection Regulation came into force in the UK on 25th May 2018, building on the Data Protection Act (1998). Since how we manage our services are already highly regulated little change is needed to our current procedures. However, the new regulation does require we communicate that we are complying with this new legislation and the rights surrounding the personal information we hold.
To enable us to discharge the services agreed under our engagement by service users (and/or their families or other authorised persons acting on their behalf), and for other directly related purposes including updating and enhancing service user records, communicating with relevant health and social care organisations (including all branches of the NHS), providing statutory, legal and regulatory compliance, and managing our business effectively, we may obtain, use, process and disclose relevant personal data about them.
All personal data held is necessary for the legitimate provision of our services and is not further processed or passed onto other organisations (without explicit consent) in a way that is incompatible with those purposes.
Under GDPR legislation you have the right to access the personal data that we hold about you. You also have the right to request that this personal data be deleted if we no longer provide services to you, which we will do so except where we are required to keep it (or some of it) securely for legal reasons.
We confirm when processing data that we will comply with the provision of the General Data Protection Regulation 2018. For the purposes of the General Data Protection Regulation 2018, the Data Controller in relation to personal data supplied about our service users is Mr Chris Bourke.