Visit our Clinical Hub ยป

Processing of patient personal data: A guideline for general practitioners, Version 2.3

Author: ICGP Data Protection Working Group

Publication Year: 2019


Table of Contents:

Part 1: Core principles of data protection
1. Introduction
a) Purpose of the guideline
b) Members of the data protection working group
c) Scope and application of the guideline
d) Limitations and cautions
e) Definitions

2: Records of processing activities
a) Identifying the data controller
b) Purpose of the processing
c) Categories of personal data
d) Categories of recipients whom we share personal data
e) Transfers to a third country
f) Time limits
g) Security measures

3. Compliance with data protection principles
a) Lawfulness, fairness and transparency
b) Purpose limitation
c) Data minimisation
d) Accuracy
e) Integrity and confidentiality
f) Accountability

4. Compliance with individual rights
a) Right to access
b) Right to rectification
c) Right to erasure
d) Right to restriction of processing
e) Right to data portabillity
f) Right to object
g) Automated individual decision-making, including profiling

5. Personal data breach handling
a) Notifying the data protection commission
b) Notifying the data subject
c) Data breach flow chart and examples

6. Miscellaneous Provisions
a) Data protection impact assessment (DPIA)
b) Data protection officers (DPO)
c) Data protection and cyber security awareness and training details
d) Employee / Office workers confidentiality agreements

7. Bibliography

Part 2: Frequently Asked Questions

Part 3: Appendices
Appendix A: Data protection checklist
Appendix B: Sample request for transfer of GP records
Appendix C: Request form for access to medical records
Appendix D: Waiting room notice
Appendix E: Practice privacy statement
Appendix F: Data protection accountability log
Appendix G: Medical student confidentiality agreement
Appendix H: Staff confidentiality agreement
Appendix I: Template for records of processing activity


Processing of patient personal data: A guideline for general practitioners.

Format Download
Keywords data protection, general practice, GDPR
Publisher Irish College of General Practitioners
Pages 47
Categories: Irish Content, ICGP Resources
External Link
Email:, Tel: 01 6763705, Fax: 01 6765850