Protection of Personal Information

Confidentiality Policy

All staff working in the Exeter Laboratory at the Royal Devon and Exeter Hospital NHS Foundation Trust are bound by a legal duty of confidence to protect any personal information they may come into contact with during the course of their work. The staff adhere to their responsibilities for safeguarding confidentiality and preserving information security.

As of May 25th 2018 the EU law regarding personal data, the General Data Protection Regulations (GDPR) comes into force. This law was introduced to ensure all EU member states approach how personal data is handled in a unified manner and will mean greater transparency about how collected data is used, as well as stricter enforcement and increased penalties for non-compliance. Further information about the GDPR can be found on the Information Commissioner’s Office website.

In the UK, the Data Protection Act, 1998 (DPA) has been replaced with the Data Protection Act, 2018. When the UK leaves the EU, we will continue to uphold the same Privacy Laws as the rest of the EU.

The Exeter molecular genetics laboratory has always processed patient data responsibly and confidentially, in compliance with the NHS England Confidentiality Policy (June 2016), the DPA and NHS Care Record Guarantee, and will continue to do so with the implementation of the GDPR.