Hallo Jason
As I understand it in the new GP contract (not signed off yet) the PCT
insists upon being the Data Controller which means that the GP practice
would be the Data Processor. Your client would be a contracted Data
Processor once removed from the PCT.
This alters the scenario, once the GP contract is in force, quite
significantly for the future.
I would guess, right now, that the GP practice is the Data Controller and
your client a Data Processor. One would hope that the GP is only sending
personal information to your client for patients the GP has referred to
h/er. The GP should also have a contract with your client on protecting
the practice as Data Controller. In this case your client should not be
passing this patient data to the PCT, imho.
Gil Richardson
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|