Notice on Compliance with the General Data Protection Regulation (GDPR) and on the Privacy of your Personal Data

Mr Ciaran O’Boyle and staff are committed to protecting and respecting patient privacy, and are fully compliant with the Data Protection Act 1998, the 2018 General Data Protection Regulation (GDPR) and medical confidentiality guidelines issued by the GMC.  This is a brief summary to make it easier for you to understand this Privacy Notice.

How Is Personal Data Collected?

We will collect information about you if you contact us with an enquiry, or if you have been referred from another doctor, healthcare or health insurance company or legal firm.  This Privacy Notice only applies to the practice of Mr Ciaran O’Boyle, so to understand how other individuals or companies store and handle your personal information, you should read their GDPR Privacy Notices.

How Is Personal Data Stored?

Personal data includes paper records, electronic and photographic files.  Your data is stored and transferred in accordance with the UK Data Protection Act and GDPR. We use physical, electronic and management procedures to safeguard all collected information. We will only hold your information securely, for as long as is necessary.

How Do We Use Your Personal Data?

Your information will only be used for the purposes for which you provided it. Should we wish to use it for any other purpose, we will ask for your specific permission.  Your information will not be passed on to any other parties for marketing purposes, or to government bodies, unless required by law or court order.

Other healthcare workers, clerical and administrative staff, medical insurers, or legal representatives who may have access to your personal data must respect the confidentiality of your data.  If sharing of personal data with third parties is necessary for the provision of your care, this will be done in a secure way, in accordance with the Data Protection Act and GDPR.  In cases of non-payment of medical fees, non-medical data may be shared with debt collection agencies.

What Are Your Rights?

Under the GDPR, you have rights, which we will always work to uphold.  You have the right to access your personal data; to have your data rectified; the right to be forgotten; the right to restrict or prevent processing of your data; and the right to object to the use of your data.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

Who Is The Controller For Your Personal Data?

Mr Ciaran O’Boyle is the Data Controller for your personal data.  He is registered with the Information Commissioner’s Office (Ref:  ZA189268).

Data Breaches

If a breach of data security occurs, we will report this to all relevant persons within 72 hours of the breach, if it seems that personal data has been accessed.

Changes To This Privacy Notice

We may change this Privacy Notice from time to time.  This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.  Any changes will be made available on the website.

How To Contact Us

If you have any questions or concerns about this privacy notice, you can contact us by email at:, or via the Contact page on the website or by telephone on 0115 9713593.