The General Data Protection Regulation (GDPR)

The GDPR is the new EU legislation to protect the personal data of all EU citizens. It will apply even if we are no longer part of the EU. It will be a significant change in Data protection for all of the UK, including the NHS and healthcare providers GDPR came into effect in the UK on 25 May 2018.


As a practice we are committed to ; 

  • Ensuring the security and protection of personal information and how it is processed 

  • Providing a compliant and consistent approach to data protection

  • Complying with the requirements of the GDPR.

  • This means that your health and care data will carry on being handled securely and in line with the regulations.



The documents linked below explain how we, The Bridge Surgery use the data we hold about our patients and your rights. And for more information, you can visit 

Keeping Your Data Safe

Subject Access Policy
Privacy Notice

Confidentiality & Medical Records

The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

  • To provide further medical treatment for you e.g. from district nurses and hospital services.

  • To help you get other services e.g. from the social work department.

  • This requires your consent.

  • When we have a duty to others e.g. in child protection cases anonymized patient information will also be used at the local and national level to help the Health Board and Government plan services e.g. for diabetic care.

If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.

Data Protection Policy 

Freedom of Information

Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.

Access to Records

In accordance with the Data Protection Act 1998, The GDPR  and Access to Health Records Act, patients may request to see their medical records.

Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without patient consent unless we are legally obliged to do so.

Subject Access Request Form