The practice is fully computerised and the confidential information held on computer is covered by the Data Protection Act.
The Data Protection Act 1998 governs the use of personal information through data protection principles. These principles require that personal information is:
- Processed fairly and lawfully
- Processed for one or more specified and lawful purposes, and not further processed in any way that is incompatible with the original purpose
- Adequate, relevant and not excessive
- Accurate and, where necessary, for the purpose for which it is being used
- Processed in line with the rights of the individuals
- Kept secure with appropriate technical and organisational measures taken to protect the information
- Not transferred outside the European Economic Area (the European Union member states plus Norway, Iceland and Liechtenstein) unless there is adequate protection for the personal information being transferred
As we process personal information covered by the Act, our staff comply with the Data Protection principles.