Subject Access Requests (SARs)

Under the new General Data Protection Regulations (GDPR), you are entitled to request access to the data we hold on you.

Recital 63 of the GDPR states, “a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.”

Our GDPR privacy policies are view-able via the main menu. These lay out the legal basis by which we gather, hold and process your personal data.

The quickest and most straightforward way for you to view your personal medical record is to request access to your detailed medical records through the SystmOnline portal. Here you can view entries made in your clinical record, clinic letters, test results and other coded information such a blood pressure readings. You can filter the record by date or by data type. You will need a SystmOnline username and password which you can obtain by asking at reception. You will need to provide photo ID to confirm your identity.

Once you have made your request, your GP will need to check your medical record to ensure that any sensitive information about third parties is removed before your record is released to you via the online portal.

If you require access to your medical record that preceded computerisation (the date of this can vary, but most surgeries had fully computerised records from about 2005 onwards) you will need to put in a request to the surgery. Please use the form here to submit a request.

Please note: whilst the GDPR regulations state that a copy of your personal data should be provided free, we may charge for additional copies. We can charge a fee if we think the request is ‘manifestly unfounded or excessive’. If so, we may ask for a reasonable fee for administrative costs associated with the request.