GDPR - GPC - Blog 16

16 Blog Sixteen, Those you employ

Its not just the patients! As GPs some of us are running the businesses and that means employing staff we have GDPR to think about as employers. Our staff, the doctors, nurses, managers, receptionists and typists as our DSs too. They have rights too. Their rights need to be observed.

What are those rights?

Well as with everything else in GDPR your rights are linked to the lawful basis for processing, for instance if your data is being processed under consent you do not have the right to object to processing, there’s no point, you just withdraw your consent. If your data is being processed according to a legal obligation, you can object but its not guaranteed. If you give data to a DC you can have it back in a portable format, but only if you supplied it to the DC personally, and or it was consented freely and or it was processed by automated means.

So our employee data is held for legal reasons, CQC and HMRC to name but two?


So consequentially our employees rights under GDPR are…..

the right to be informed directly and via Privacy Notices

the right of access, SARs and TSARs

the right to rectification of incomplete or erroneous data

and the right to request a block on processing during rectification

but other rights do not apply

the right to be forgotten, HMRC, forgotten, wouldn’t we all!

the right to data portability, no, not if we are processing the data under a legal obligation.

And that’s it

Well that is short. I reckon by now you will be pretty up to speed on GDPR things general and specific so no need to dive too deeply in this blog. Its now 2:40 am and I have one more to write, Blog 17 Consent, wish me luck, with a bit it will be there by 9am 16/4/18.

Dr Paul Cundy

GPC IT Policy Lead

16th April 2018

All Content and Images are  the Copyright property of
The Mid Mersey Local Medical Committee. 
© 2014 - 2022. All Rights Reserved.