As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
The General Date Protection Regulation came into force from 25th May 2018. This was designed to harmonize data privacy laws across Europe to protect and empower everyone and to reshape the way organisations approach data privacy. A useful link giving full details is: https://www.eugdpr.org/