General Data Protection Regulations (GDPR)

In line with the new data privacy laws which come into effect on 25th May 2018 we have made some amendments to our privacy policy.

Our privacy notices explains why The Witley and Milford Medical Partnership collect information about you, how we keep it safe and confidential and how that information may be used.

We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as outcomes of needs assessments.

We maintain our duty of confidentiality to you always. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.

Confidential patient data will be shared within the health care team at the practice, including nursing staff, admin staff, secretaries and receptionists, and with other health care professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality.

A number of data sharing schemes are active locally, enabling healthcare professionals outside of the surgery to view information from your GP record, with your explicit consent, should that need arise.

We are sometimes legally obliged to disclose information about patients to relevant authorities. In these circumstances the minimum identifiable information that is essential to serve that legal purpose will be disclosed.

The Witley & Milford Medical Partnership sometimes undertakes accredited research projects. Where this involves accessing identifiable patient information, we will only do so with the explicit consent of the individual and Research Ethics Committee approval.

You have the right to object to (or opt-out of) ways by which your information is shared, both for direct medical care purposes (such as the national NHS data sharing schemes), i.e. primary uses of your information, or for purposes other than your direct medical care – so called secondary uses.

You have the right to access your own GP record and to have any factual inaccuracies corrected. Details of how to do this can be found on our website or in our “Your Medical Records” booklet in the surgery.

We are registered as a data controller and our registration can be viewed online in the public register at:

  • Dr Elisabeth Galloway is our Information Governance Lead & Caldicott Guardian.
  • Adam Spinks is our Data Protection Officer, Surrey Heartlands CCG.

Date published: 18th June, 2021
Date last updated: 18th June, 2021