

General Data Protection Regulations (GDPR)

What is GDPR?

GDPR is a law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data. The regulation applies from 25th May 2018. GDPR will supersede the Data Protection Act. It is similar to the Data Protection Act (DPA) 1998, which the Practice already complies with, but strengthens many of the DPA's principles.

What is Personal Data?

Personal data is information related to a single person, such as his/her name, age, medical history, diagnosis, etc.

What GDPR Will Mean for Patients and Staff

Your data:

  • Must be processed lawfully, fairly and transparently

  • Must only be collected for specific, explicit and legitimate purposes

  • Must be limited to what is necessary for the purposes for which it is processed

  • Must be accurate and kept up to date

  • Must be held securely

  • May only be retained for as long as is necessary for the reasons it was collected (your health records will be held by us indefinitely in accordance with NHS Scotland protocol).


Patient / Staff rights:


  • To be informed about how their data is used

  • To have access to their own data

  • To ask to have incorrect information changed

  • To restrict how their data is used

  • To move their data from one organisation to another (e.g. changing practice when moving house)

  • To object to their personal information being processed (in certain circumstances)

What is Consent?

Consent is permission from patients / staff. An individual's consent is defined as:

  • Any freely given, specific and informed indication of his/her wishes. Individuals have a right to withdraw consent at any time.

Click HERE to view the Dunvegan Medical Practice GDPR Privacy Statement
