• Significantly there can no longer be a charge for Subject to Access Requests unless it is manifestly unfounded or excessive or a repeated request. The time limit has been reduced to one month rather than 40 calendar days although it can be extended for particularly complex or numerous requests. The ability to charge has also been removed from applications for records of deceased patients but unlike SARs the time period for a response for the records of deceased patients remains the same (21 or 40 days depending on the last addition to the record).

    NB: this is distinct from solicitors seeking records by use of Forms of Authority signed by Claimants. It has even been suggested that advising a Claimant to make a SAR to disclose certain records including health records is a criminal offence under S.184 (2) DPA 2018 however in reality no offence is committed if the Claimant is given a genuine choice as to whether to provide authority for access to his/her lawyer and a right to decline to sign forms of authority.

    Penalties for data protection breaches will increase under a new two tier system; breaches of controller or processor obligations are fined within the first tier up to €10 million or 2% of global turnover or for breaches of data subjects’ rights and freedoms, the higher level of up to €20 million or 4% of global annual turnover.

    These maximum penalties however will be considered in context by the ICO in relation to nature, gravity and duration of the breach as well as the type of personal data affected any previous infringements and level of cooperation. ICO has described the changes as “an evolution in data protection, not a burdensome revolution”.

    This content is correct at time of publication

    Can we help?

    Take a look at our Data Protection and GDPR, Healthcare page for useful information, resources, guidance, details of our team and how we may be able to help you

  • Get in touch

    Please fill out the below form or alternatively you can call us on 01622 690691

      By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you subscribe to any of our newsletters, you can unsubscribe any time using the link in the email. Please view our privacy statement for more information