This site is intended for health professionals only

At the heart of general practice since 1960

Read the latest issue online

Gold, incentives and meh

Report this comment to a moderator

Please fill in the form below if you think a comment is unsuitable. Your comments will be sent to our moderator for review.

Report comment to moderator

Required fields.


Government must protect GPs against new data protection legislation, say LMCs


I’ve always thought that I owned the IT infrastructure ( with 100% reimbursement) however the CCG tell me that the NHSE own it. The NHSE also has determined who joins my list, as I have no veto. In essence then the NHSE owns the list and the IT systems. There is probably a case to say that NHSE is the data controller. The distinction is between data controller or data processor. Here is the distinction defined legally: Under the current EU Data Protection Directive: only the controller is held liable for data protection compliance, not the processor any processing must be: (a) governed by a written contract; (b) carried out in accordance with the controller’s instructions; and (c) subject to appropriate security measures in order to protect itself against unnecessary compliance risks, generally, a controller will seek to pass its responsibilities to the processor via the data processing agreement regardless of the existence of any data processing agreement, controllers remain legally responsible for any breaches caused by the actions of their data processors I think that pretty well sums it up. We are the processors, not the controllers.

Posted date

13 Mar 2018

Posted time