This site is intended for health professionals only


£20m will be put into global sum every year for subject access requests

Practices will be given access to a data protection officer (DPO) through their CCG, according to the new GP contract.

The five-year contract, announced by NHS England and the BMA today, will also see a £20m funding boost added to the global sum each year – for the next three years – to cover GPs when dealing with subject access requests.

This will ensure GPs get paid to cover the costs of the requests, after the introduction of the data protection legislation last year removed GPs’ right to charge, the BMA said.

Under the General Data Protection Regulation (GDPR), which came into effect on 25 May last year, GPs must designate a DPO to monitor compliance to the law and act as a point of contact for patients requesting access to their data.

CCGs have previously considered charging practices for access to a DPO, with one suggesting up to £1,800 a year.

GPs have been dealing with a barrage of subject access requests since the introduction of GDPR, according to the BMA, which reported that requests have increased over a third (36%) since the rules – which mean that GPs can no longer charge a nominal fee for such requests – came into force.

The new GP contract, published today, said: ‘In recognition of income loss and workload from subject access requests, £20m of additional funding will be added to the global sum for the next three years.’

In a statement, the BMA told GPs: ‘Funding for practices to deal with subject access requests following the removal of the ability to cover costs under GDPR legislation.

‘Practices will also have access to a DPO through their CCG, to provide support on GDPR issues.’

Earlier this month, the GP partnership review suggested that CCGs pay for practices’ data protection officers, to help overworked GPs cope with patient data requests.

See all the headlines from the 2019/20 GP contract here…