Secret-Diary-of-a-Practice-Manager-2.jpg (1)

Secret Diary of a PM – GDPR Update

The General Data Protection Regulations (GDPR) come into force on 25 May 2018. To help GP practice managers prepare, we’ve added a wide range of documents to our Policy Library and GDPR Toolkit for members. Here, our anonymous blogger shares an update on their preparations for GDPR…

Along with several other colleagues in the area, I recently attended a training course on the General Data Protection Regulation by primary care trainers Thornfields and now feel a lot more prepared for the changes.

As a surgery, we had decided to wait for the training before getting an action plan in place, whereas others have already started putting things in place, but continually altered plans as they heard something new.

Of course, I had concerns before the course but as things went on in the meeting I realised that we already had a lot of what we needed in place and that any changes were manageable with good planning and the right resources in place.

The fear factor seems to be something we all work on - “What happens if…?” We have now set up a list of things that need doing and will tackle them in a timely manner.

Although a lot of what we see states the changes are to be in place by May 25th, it really means that action plans and changes need to be evident - it can be a work in progress, providing one uses the common sense to take care of their data - as we all do now.

The following article was run on the NHS Network news and is a little light relief. Enjoy if you have not read!


In the consulting room: a mild case of GDPR

In which we establish an evidential link between data protection legislation, headaches and depression in general practice...

GP: What can I do for you today, Mrs Smith?

Patient: How did you get my name?

GP: The receptionist told me before she buzzed you in

Patient: I don’t remember giving her permission to share my details with a third party

GP: It’s her job to tell me who you are

Patient: She didn’t obtain my explicit consent

GP: It was probably an oversight, madam

Patient: Madam? Why is my gender relevant?

GP: It may or may not be. It depends why you’re here

Patient: Well, I’ve not been feeling myself recently

GP: I see. I understand you’ve been having a lot of headaches

Patient: And you obtained that information how, exactly?

GP: It’s all on your health record

Patient: Did I consent to this use of my data?

GP: We need the information to treat you

Patient: Where is that made clear in your privacy policy? The receptionist never mentioned it. She just sent me in

GP: She may have presumed that if you made an appointment, came to the surgery and sat in the waiting room for half an hour that you wanted to see a doctor

Patient: You can’t rely on presumption. I should have been given a clear opt-in

GP: Do you want to see me or not?

Patient: That’s my business. I’m not obliged to disclose a preference either way

GP: This is ridiculous. We’re getting nowhere here

Patient: What are you writing about me? I demand to see it

GP: I’m writing a prescription. Take it to the pharmacy and they’ll give you something that will help

Patient: That’s outrageous. The pharmacist may be able to identify me

GP: We’re going round in circles

Patient: What are you going to do about my headaches?

GP: They’re perfectly normal. You’re suffering from a mild case of GDPR. It may seem painful now but you should make a full recovery by early June

Patient: So I don’t need to do anything?

GP: No, just get plenty of rest and try to avoid processing any sensitive data

Patient: Thanks for putting my mind at rest, doctor

GP: Why are you using my professional title when it isn’t relevant to your stated use of my data?

Patient: I’m very sorry

GP: Don’t mention it – you have a right to be forgotten. Would you mind opting yourself out?

Data controller: Julian Patterson - @jtweeterson

First Practice Management members can access tools and documents that present GDPR in clear and straightforward terms, with resources including a sample Data Map and Privacy Impact Assessment available in our GDPR toolkit area and Policy Library


No Comments

Leave a Comment


Upcoming Events

There are currently no events scheduled.


Practice Manager - London, NW5

Closing Date: 18 March 2020

Salary: £45 - £50k pro rata, depending on experience

Practice Manager - Buckden, Cambridgeshire

Closing Date: 25 February 2020

Salary: £45,000 p/a

Part time Practice Manager – West London

Closing Date: 7 March 2020

Salary: Dependant on skills and experience

Practice Manager - London, NW5

Closing Date: 18 March 2020

Salary: £45 - £50k pro rata, depending on experience

Practice Manager - Buckden, Cambridgeshire

Closing Date: 25 February 2020

Salary: £45,000 p/a

Practice Business Manager - County Durham

Closing Date: 26 February 2020

Salary: £43,000 - £53,000 p.a. depending on skill mix and experience.

What others are viewing now

Latest Forum Posts

Fetching latest posts...