Handling personal data breaches (primary care)

This module has been updated to reflect the GMC's 'Good medical practice' (2024) guidance.

This course is aimed at GPs, practice managers, senior administrators and anyone else who has managerial responsibility for data protection in the practice.

By the end of this module you should:

• be able to identify a personal data breach
• know when and how to notify a personal data breach to the Information Commissioner's Office (ICO)
• know the timescales for notifying a breach
• know what information you must give to the ICO when a notifying a breach
• know which records the practice must keep in relation to personal data breaches
• understand when and how to inform the patient who is the subject of the breach.

The practice is likely to be a data controller of both patient data, and of other data subjects such as employees. This module specifically covers personal data breaches where the patient is the data subject, although many of the principles in the module are applicable to data breaches of other personal data the practice may hold.

Not a member?

Find out more about the benefits of membership and how to join.