Data Protection

Data Protection and Confidentiality

We are registered under the data protection act and are bound by the rules governing the collection and storage of personal data.

What are General Data Protection Regulations (GDPR)

General Data Protection Regulations (GDPR) is legislation that came into effect on 25 May 2018. It, coupled with the new UK Data Protection Act (DPA 2018), replaced the Data Protection Act 1998 in the UK. It expands the rights of individuals to control how their personal data is collected and processed, and places a range of  obligations on organisations to be more accountable for data protection.

The GDPR applies to personal data and must be processed according to the data protection principles:

  • Processed lawfully, fairly and transparently.
  • Collected only for specific legitimate purposes.
  • Adequate, relevant and limited to what is necessary.
  • Must be accurate and kept up to date.
  • Stored only as long as is necessary.
  • Processed in line with the data subjects rights.
  • Ensure appropriate security, integrity and confidentiality.
  • Not be transferred to other countries without adequate protection.

Please click here for further information on how we use your information.

Subject Access Request (SAR)

The current Data Protection Act and General Data Protection Regulations details the rights of access to both manual data (which is recorded in a filing system) and computer data for individual / data subject. This is referred to as Subject Access Request and gives the rights to a patient to request personal information Hampstead Group Practice hold about them. 

All requests to view medical records or to receive copies of your records should be made in writing by completing the Subject Access Request Form. We recommend that if you would like to see your records a time is arranged to do this with your registered GP as there may be medical terminology that requires explanation.  

We have a duty to keep your medical records accurate and up to date.  Please feel free to advise us of any errors of fact which may have crept into your medical records over the years.

Your personal data will only be seen by professionals at the practice directly involved in providing your care. Occasionally anonymised health information is sent to the Primary Care Trust (NHS Camden) to support quality monitoring, public health analyses or post-payment verification.  We will not send any information about you to outside agencies (e.g. insurance companies) without your consent. In addition, no information will be given to partners or relatives without your written consent.


This practice does not discriminate on the grounds of race, gender, social class, age, religion, sexual orientation, appearance, disability or medical condition.


We have CCTV installed for your protection and the protection of our staff. We are registered with the ICO.