GDPR: The General Data Protection Regulation (2016/679) is the new EU Regulation on Data Protection, which will come into force on the 25th May 2018.

Personal Data: Information relating to a living individual who is, or can be, identified by that information, including data that can be combined with other information to identify an individual. This can be a very wide definition, depending on the circumstances, and can include data which relates to the identity, characteristics or behaviour of an individual or influences the way in which that individual is treated or evaluated.

This will mean medical notes, letters from consultants, blood and other results, etc., that form your medical record.

Processing: means performing any operation or set of operations on personal data, including:

  • obtaining, recording or keeping data;
  • organising or altering the data;
  • retrieving, consulting or using the data;
  • disclosing the data to a third party (including publication); and
  • erasing or destroying the data.

Data Controller: A Data Controller is the person or organisation who decides the purposes for which, and the means by which, personal data is processed. The purpose of processing data involves ‘why’ the personal data is being processed and the ‘means’ of the processing involves ‘how’ the data is processed.

Data Processor: A person or organisation that processes personal data on the behalf of a data controller.

Data Subject: A Data subject is the individual the personal data relates to.

More information can be found at

Back to How we work

How we work