top of page

What is the GDPR, why is it happening, and when?

The General Data Protection Regulation (GDPR) is a Europe-wide law that comes into force on 25 May 2018. It is part of a wider package of reform of data protection in the UK that replaces the Data Protection Act 1998. It applies to those responsible for controlling and processing personal data, including general practices and NHS trusts. The detailed application of the GDPR in the UK will be set out in a new data protection act, which parliament has yet to agree.

What is personal data?

Personal data is any information that can identify a living person—it can include name, NHS number, or a computer IP address. Personal data that reveal a person’s health are “special category” data with greater protection under the GDPR.

What are the key changes?

While the key principles of the original legislation remained unchanged, the new regulation strengthens the rights of individuals (“data subjects”) to request access to their personal data and tightens up data security and accountability. It will not be enough for NHS and other public bodies to comply—compliance must be “actively demonstrated.” There are new legal requirements to report data breaches that pose a risk to subjects’ rights, normally within 72 hours, and potentially higher financial penalties for breaches and non-compliance. Patients should be able to access their records free of charge in most cases.

please read this key article from British Medical Association click here 

How our London ENT Practice uses your information to provide you with healthcare! 


This practice keeps medical records confidential and complies with the General Data Protection Regulation.

We hold your medical record so that we can provide you with safe care and treatment. 

We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.


We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care.

For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy. Continue to read here, please 

Privacy Policy


Data Protection Policy

Our data protection policy lays out our procedures that ensure our medical/ surgical care at Mr Ali Taghi Ear, Nose, Throat Practice in London and our employees comply with The General Data Protection Regulation (GDPR).

What personal data do we hold?

To provide patients with a high standard of surgical care, we need to hold their personal information. This personal data can include:

  • Past and current medical condition; personal details such as age, address, telephone number and general medical practitioner

  • Radiographs, clinical photographs and study models

  • Information about their treatment that we have provided or propose and its cost

  • Notes of conversations or incidents that might occur for which a record needs to be kept

  • Any correspondence relating to them and other health care professionals, for example in the hospital or Medical Specialist Group.


Why do we hold information about you?

We need to keep comprehensive and accurate personal data about patients to provide you with safe and appropriate dental care. We will ask you periodically to update your medical history and contact details.

Retaining information

We will retain your records while you are a practice patient and after you cease to be a patient, for at least 10 years, or for children until age 25, whichever is the longer.


Security of information

Personal data about you is held in the practice’s computer system and/or in a locked manual filing system. The information is only accessible to authorized team members. Our computer system has secure audit trails and we back up information routinely.


Disclosure of information

To provide proper and safe dental care we may need to disclose personal information about you to:

  • Your general medical practitioner

  • NHS Medical or Dental Services

  • Other health professionals caring for you

  • Medical Specialist Group

  • The insurance company you are affiliated with

  • Our billing company

  • Agents and Third parties as required by legal and law


Disclosure will take place on a ‘need-to-know’ basis. Only those individuals/organisations who need to know to provide care for you and for the proper administration of Government (whose personnel are covered by strict confidentiality rules) will be given the information.

In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, the disclosure that is not covered by this Policy will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.

Access to your records

You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to The Practice Manager.


 If you do not agree

If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with your doctor (Mr Ali Taghi who is the guardian of your data and the data protection officer at the practice). You have the right to object; however, this may affect our ability to provide you with dental care.

You have a right to withdraw your consent at any time, however, this will not be retrospective.


This policy is subject to changes, and the DPO will make aware of any changes as it happens 


please click here to obtain your copy of this policy 

A more detailed policy and notice are here (please read carefully) 

please read the above policy carefully before proceeding or you can get your copy here 

The EU General Data Protection Regulation (GDPR) is a data privacy regulation to protect all EU citizens’ data. It gives your customers, among other requirements, the right to receive or delete all their personal data. 

Learn more.

Here you can submit a request on behalf of your customers to:
1. Get a copy of their data or
2. Permanently delete their data

Name: *

Email: *

Phone: *

Message: access or delete

Thanks! Message sent. We aim to response within 72 hours

Cookies policy is here 

How to delete cookies from your browser, click here. (another window will open)  

bottom of page