{"id":3518,"date":"2025-11-10T13:36:57","date_gmt":"2025-11-10T13:36:57","guid":{"rendered":"https:\/\/www.londoncataractcentre.co.uk\/blog\/?p=3518"},"modified":"2025-11-10T13:37:00","modified_gmt":"2025-11-10T13:37:00","slug":"gdpr-data-protection-in-eye-care","status":"publish","type":"post","link":"https:\/\/www.londoncataractcentre.co.uk\/blog\/gdpr-data-protection-in-eye-care\/","title":{"rendered":"GDPR and Data Protection in Eye Care: How Your Information Is Managed"},"content":{"rendered":"\n<p>When you visit an eye clinic, you\u2019re not just handing over your sight for assessment \u2014 you\u2019re also sharing some of your most personal information. Every scan, consent form, and medical note becomes part of a larger digital record that needs to be stored, protected, and sometimes shared responsibly. Under the UK\u2019s General Data Protection Regulation (GDPR), clinics are legally required to safeguard this information and handle it only for legitimate medical purposes.<\/p>\n\n\n\n<p>So how do eye clinics make sure that your data stays secure and confidential? Let\u2019s break it down in plain English. We\u2019ll go through how your data is collected, stored, and used in modern ophthalmology practices, what the GDPR and related UK laws say about it, and what your rights are as a patient. By the end, you\u2019ll have a clear idea of what\u2019s really happening behind the scenes with your personal information \u2014 and how you can stay in control of it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why Your Data Is So Sensitive<\/strong><\/h2>\n\n\n\n<p>Most people don\u2019t think about what happens to their medical records once they\u2019ve left the clinic. But in eye care, the amount of data collected during even a single consultation can be staggering.<\/p>\n\n\n\n<p>Your details might include your name, date of birth, contact details, GP information, and next of kin \u2014 but that\u2019s just the start. 
During your visit, the clinic might record:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detailed medical and ocular history<\/li>\n\n\n\n<li>Optical coherence tomography (OCT) scans<\/li>\n\n\n\n<li>Corneal topography or biometry data<\/li>\n\n\n\n<li>Visual field test results<\/li>\n\n\n\n<li>Intraocular pressure readings<\/li>\n\n\n\n<li>Photographs of your retina or anterior segment<\/li>\n\n\n\n<li>Surgical consent forms and pre-operative notes<\/li>\n<\/ul>\n\n\n\n<p>All of this forms what\u2019s known as special category data under UK law. That means it\u2019s particularly sensitive and requires extra protection. Unlike ordinary personal data, health records can reveal intimate details about your wellbeing, genetics, and even lifestyle choices. If mishandled, this information could cause significant harm \u2014 both personal and professional.<\/p>\n\n\n\n<p>That\u2019s why data protection isn\u2019t a formality for clinics. It\u2019s a legal duty and an ethical commitment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The Legal Framework: GDPR and Beyond<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"409\" src=\"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-content\/uploads\/2025\/11\/Patient-questionnaire-5-1024x409.webp\" alt=\"\" class=\"wp-image-3507\" srcset=\"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-content\/uploads\/2025\/11\/Patient-questionnaire-5-980x392.webp 980w, https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-content\/uploads\/2025\/11\/Patient-questionnaire-5-480x192.webp 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><\/figure>\n\n\n\n<p>Let\u2019s start with the basics. 
In the UK, data protection in healthcare is governed mainly by two pieces of legislation:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>The UK General Data Protection Regulation (GDPR)<\/strong><\/li>\n\n\n\n<li><strong>The Data Protection Act 2018 (DPA 2018)<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Together, these laws define how clinics can collect, store, and process your personal data. Under GDPR, your medical records are considered \u201cspecial category\u201d information, meaning they need the highest level of safeguarding.<\/p>\n\n\n\n<p><strong>Lawful Basis for Processing<\/strong><\/p>\n\n\n\n<p>Every clinic must have a legal reason \u2014 known as a <em>lawful basis<\/em> \u2014 for processing your information. In healthcare, this usually falls under \u201cprovision of health or social care\u201d or \u201cpublic interest in public health\u201d. In other words, your data is used because it\u2019s necessary to deliver your treatment or ensure clinical safety.<\/p>\n\n\n\n<p>You don\u2019t need to give explicit consent for your doctor to keep your records for your care, but you <em>do<\/em> need to give informed consent for anything beyond that \u2014 like using anonymised scans in research or case studies.<\/p>\n\n\n\n<p><strong>Your Rights Under UK GDPR<\/strong><\/p>\n\n\n\n<p>You have several powerful rights as a patient under the law:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Right of access:<\/strong> You can request a copy of all the information a clinic holds about you.<\/li>\n\n\n\n<li><strong>Right to rectification:<\/strong> If something\u2019s wrong, you can ask them to correct it.<\/li>\n\n\n\n<li><strong>Right to erasure:<\/strong> In certain cases, you can ask for your data to be deleted.<\/li>\n\n\n\n<li><strong>Right to restriction:<\/strong> You can request that your data isn\u2019t used in particular ways.<\/li>\n\n\n\n<li><strong>Right to object:<\/strong> You can refuse your data being used for marketing or 
non-essential analytics.<\/li>\n<\/ul>\n\n\n\n<p>Clinics are legally obliged to respond within one month of receiving your request. That\u2019s not optional \u2014 it\u2019s a regulatory requirement.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How Eye Clinics Collect and Use Your Data<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"456\" src=\"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-content\/uploads\/2025\/04\/Cover-questionnaire-2-1024x456.webp\" alt=\"\" class=\"wp-image-2342\" srcset=\"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-content\/uploads\/2025\/04\/Cover-questionnaire-2-980x436.webp 980w, https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-content\/uploads\/2025\/04\/Cover-questionnaire-2-480x214.webp 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><\/figure>\n\n\n\n<p>Let\u2019s walk through what happens from the moment you book an appointment.<\/p>\n\n\n\n<p><strong>1. Appointment Booking<\/strong><\/p>\n\n\n\n<p>When you call, email, or fill out a form online, the clinic collects your basic details: name, contact information, preferred date, and sometimes a brief medical reason for your visit. If you\u2019re referred by another healthcare provider, the referral letter will also be stored securely in your record.<\/p>\n\n\n\n<p>A good clinic will include a link to its privacy policy at this stage \u2014 clearly stating how they collect, store, and use your data. This is part of the <strong>fair processing<\/strong> principle under GDPR.<\/p>\n\n\n\n<p><strong>2. Registration and Initial Assessment<\/strong><\/p>\n\n\n\n<p>When you arrive, you\u2019ll often be asked to complete or confirm a registration form. It usually includes personal identifiers, emergency contact details, and sometimes an insurance or payment record. 
This document is often stored electronically in an <strong>Electronic Medical Record (EMR)<\/strong> system, which is password-protected and accessible only to authorised staff.<\/p>\n\n\n\n<p>During your consultation, the clinician will collect a detailed ocular and medical history. This might include systemic health conditions, allergies, and medications \u2014 all of which can influence eye health and treatment options.<\/p>\n\n\n\n<p><strong>3. Imaging and Diagnostic Data<\/strong><\/p>\n\n\n\n<p>This is where things get particularly data-intensive. Modern ophthalmology relies heavily on imaging \u2014 from high-resolution OCT scans to detailed corneal maps and fundus photography.<\/p>\n\n\n\n<p>Each of these creates large digital files stored on secure servers or cloud-based imaging systems. Because these images can technically identify you (for example, through metadata or associated patient ID), they\u2019re covered under data protection law.<\/p>\n\n\n\n<p>Most clinics will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Encrypt files both in storage and during transfer<\/li>\n\n\n\n<li>Restrict access to ophthalmic and technical staff<\/li>\n\n\n\n<li>Keep audit logs showing who viewed or edited the file<\/li>\n\n\n\n<li>Back up data on secure servers (sometimes off-site or cloud-based)<\/li>\n<\/ul>\n\n\n\n<p>If images are ever used for teaching, audit, or research, they are anonymised first \u2014 and only used after gaining appropriate patient consent.<\/p>\n\n\n\n<p><strong>4. Consent Forms and Surgical Data<\/strong><\/p>\n\n\n\n<p>When you consent to surgery or treatment, you\u2019re also consenting to the collection of more data \u2014 including your biometric readings, surgical plan, implant details, and perioperative notes.<\/p>\n\n\n\n<p>Your consent form is a legal document and must be securely stored as part of your record. 
Under GDPR, this information can\u2019t be altered or shared without your permission unless it\u2019s required for your ongoing care or legal obligations.<\/p>\n\n\n\n<p>Any third-party systems used (for example, manufacturers collecting implant data for traceability) must have formal data-processing agreements in place. Clinics can\u2019t just send your details to anyone \u2014 every sharing arrangement must meet GDPR standards.<\/p>\n\n\n\n<p><strong>5. Follow-Up and Archiving<\/strong><\/p>\n\n\n\n<p>Your data journey doesn\u2019t end after surgery. Post-operative visits, outcome measurements, and future appointments all add to your record.<\/p>\n\n\n\n<p>UK professional guidelines (including those from the Royal College of Ophthalmologists) recommend that clinical data be retained for at least ten years after your last visit. If you were under 18 when treated, records are often kept until your 25th birthday.<\/p>\n\n\n\n<p>Once that retention period expires, the data must be securely destroyed or anonymised. Paper notes are shredded confidentially; digital files are permanently deleted or overwritten using secure erasure software.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How Clinics Keep Your Information Safe<\/strong><\/h2>\n\n\n\n<p>Data protection isn\u2019t just about ticking a legal box. It\u2019s about ensuring that your private information doesn\u2019t end up where it shouldn\u2019t. Here\u2019s how professional clinics achieve that.<\/p>\n\n\n\n<p><strong>1. Encryption<\/strong><\/p>\n\n\n\n<p>All digital systems handling patient data use encryption \u2014 both for data \u201cat rest\u201d (stored on servers) and \u201cin transit\u201d (being sent between systems or staff). This means even if someone intercepts the data, it\u2019s unreadable without the correct decryption key.<\/p>\n\n\n\n<p><strong>2. 
Role-Based Access Control<\/strong><\/p>\n\n\n\n<p>Only authorised staff members can access patient files \u2014 and even then, only what they need to perform their job. Receptionists might see contact details, while surgeons and optometrists access diagnostic scans and medical notes.<\/p>\n\n\n\n<p><strong>3. Secure Back-Ups<\/strong><\/p>\n\n\n\n<p>Eye clinics create secure back-ups daily or weekly to prevent data loss in the event of system failure. These back-ups are encrypted and stored off-site or in secure cloud environments with GDPR-compliant providers.<\/p>\n\n\n\n<p><strong>4. Regular Audits<\/strong><\/p>\n\n\n\n<p>The best clinics carry out annual or bi-annual data audits. These reviews check how data is being used, whether permissions are up-to-date, and whether staff training meets legal expectations.<\/p>\n\n\n\n<p><strong>5. Physical Security<\/strong><\/p>\n\n\n\n<p>Even in a digital world, physical security still matters. Patient files and consent forms are stored in locked cabinets within restricted areas. Any printouts containing patient details are disposed of using confidential waste bins or shredding services.<\/p>\n\n\n\n<p><strong>6. Breach Response Plans<\/strong><\/p>\n\n\n\n<p>If a data breach ever occurs \u2014 whether accidental or deliberate \u2014 clinics must report it to the Information Commissioner\u2019s Office (ICO) within 72 hours. Patients affected are informed directly. Transparency is part of the process, not an afterthought.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Cloud Systems, Imaging Platforms, and Data Sharing<\/strong><\/h2>\n\n\n\n<p>Modern ophthalmology relies on cloud-based technologies. OCT machines, topographers, and surgical planning systems often upload data to secure online portals for access by multiple clinicians.<\/p>\n\n\n\n<p>But this raises questions about where your data actually \u201clives\u201d. 
Many cloud servers are hosted outside the UK, in countries like Ireland, the Netherlands, or even the US.<\/p>\n\n\n\n<p>Under UK GDPR, this is fine <em>only if<\/em> the receiving country provides an \u201cadequate level of protection\u201d or if specific contractual safeguards (called Standard Contractual Clauses) are in place.<\/p>\n\n\n\n<p>So, when a clinic says it uses a \u201csecure, GDPR-compliant cloud\u201d, it means the provider has met these exact legal conditions. That\u2019s why reputable eye clinics choose platforms that have passed ISO 27001 certification or NHS Digital accreditation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Patient Consent and Transparency<\/strong><\/h2>\n\n\n\n<p>Let\u2019s be honest \u2014 most people sign consent forms without reading all the fine print. But understanding what you\u2019re agreeing to is vital.<\/p>\n\n\n\n<p>In eye care, consent doesn\u2019t just mean agreeing to treatment; it also means agreeing to the collection and use of your personal data. You have the right to know:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What data is being collected<\/li>\n\n\n\n<li>Why it\u2019s being collected<\/li>\n\n\n\n<li>How long it will be stored<\/li>\n\n\n\n<li>Who it will be shared with<\/li>\n\n\n\n<li>How to withdraw consent later<\/li>\n<\/ul>\n\n\n\n<p>For instance, if a clinic wishes to use your anonymised scans in a presentation or a research paper, they\u2019ll ask you to sign a separate research consent form. You can refuse without it affecting your care in any way.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The Role of the Information Commissioner\u2019s Office (ICO)<\/strong><\/h2>\n\n\n\n<p>The <strong>ICO<\/strong> is the UK\u2019s data protection watchdog. It enforces GDPR compliance and investigates breaches. 
Every medical or eye-care clinic that processes patient data must register with the ICO as a \u201cdata controller\u201d.<\/p>\n\n\n\n<p>If you ever feel that your information has been mishandled, you have the right to raise a concern with the clinic first. If the response isn\u2019t satisfactory, you can escalate it to the ICO directly.<\/p>\n\n\n\n<p>In serious cases, the ICO has the power to fine organisations and issue public reprimands. But most reputable eye clinics take compliance very seriously and will address any issues long before they escalate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Emerging Challenges: AI, Apps, and Tele-Ophthalmology<\/strong><\/h2>\n\n\n\n<p>The world of eye care is evolving fast. Artificial intelligence (AI) tools can now analyse retinal scans, detect diabetic retinopathy, and even predict glaucoma risk. Tele-ophthalmology allows remote consultations and digital prescriptions.<\/p>\n\n\n\n<p>All of this means more data \u2014 and often, more sharing between platforms. The key challenge is maintaining privacy when algorithms or remote systems are involved.<\/p>\n\n\n\n<p>Under GDPR, if AI is used to make clinical decisions, you have the right to <strong>human review<\/strong> of that decision. You also have the right to know when automated systems are used in your care.<\/p>\n\n\n\n<p>For apps or remote tools, always check that they are NHS-approved or meet UK data-security standards. Your medical data should never be stored in consumer-grade apps without medical-grade protection.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What You Can Do as a Patient<\/strong><\/h2>\n\n\n\n<p>Data protection is a two-way street. 
While clinics must take every possible measure to safeguard your records, you also have a role to play.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Read the privacy policy:<\/strong> It\u2019s boring, yes \u2014 but worth five minutes of your time.<\/li>\n\n\n\n<li><strong>Ask questions:<\/strong> You\u2019re entitled to know where and how your data is stored.<\/li>\n\n\n\n<li><strong>Be cautious with emails:<\/strong> Avoid sending medical documents via unsecured personal email unless instructed.<\/li>\n\n\n\n<li><strong>Use your rights:<\/strong> Don\u2019t hesitate to request a copy of your data or correction of any errors.<\/li>\n\n\n\n<li><strong>Withdraw consent if uncomfortable:<\/strong> If your scans are being used in a way you didn\u2019t expect, you can always change your mind.<\/li>\n<\/ul>\n\n\n\n<p>The goal is simple: your data should work <em>for<\/em> you, not the other way around.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Building Trust Through Transparency<\/strong><\/h2>\n\n\n\n<p>Trust is the cornerstone of healthcare. Patients who know their data is safe are more likely to be open about their symptoms, more likely to share relevant background details, and ultimately receive better care.<\/p>\n\n\n\n<p>Clinics that go the extra mile \u2014 by publishing privacy notices, training staff, and explaining how imaging systems work \u2014 not only meet their legal duties but also build genuine confidence among patients.<\/p>\n\n\n\n<p>Transparency isn\u2019t just about compliance. It\u2019s about respect. When your data is treated with care, you feel respected as a person, not just a file number.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>FAQs About Data Protection in Eye Care<\/strong><\/h2>\n\n\n\n<p><strong>1. Do I need to give written consent for my data to be stored?<\/strong><br>Not always. 
In healthcare, your data can be lawfully stored and processed without written consent if it\u2019s necessary for your treatment or the management of health services. When you register with an eye clinic or undergo a procedure, you automatically give <em>implied consent<\/em> for your information to be used in the delivery of your care. However, if your data is to be used for any purpose beyond direct treatment\u2014such as teaching, marketing, or research\u2014you must be asked for explicit, informed consent. You\u2019re also entitled to know exactly what that consent covers and can withdraw it at any time without affecting your care.<\/p>\n\n\n\n<p><strong>2. Can I ask my clinic to delete all my medical records?<\/strong><br>You can request deletion under your \u201cright to erasure\u201d in the UK GDPR, but healthcare providers have specific exceptions. Because clinics are legally required to keep accurate medical records for clinical safety, auditing, and legal accountability, they can\u2019t usually erase records linked to your treatment. Instead, if you withdraw consent for certain uses\u2014like research or communication preferences\u2014the clinic will restrict processing of that data. Once the legally mandated retention period has passed (usually 8\u201310 years for adults, and longer for minors), your data will then be securely destroyed or anonymised.<\/p>\n\n\n\n<p><strong>3. How secure are imaging systems like OCT and biometry devices?<\/strong><br>Very secure\u2014at least in reputable clinics. Modern ophthalmic imaging systems are designed with built-in encryption and password protection to ensure that only authorised clinicians can access them. Files are stored on encrypted servers, and many clinics use cloud systems that comply with NHS Digital and ISO 27001 standards. Data is backed up regularly to prevent loss, and access logs are maintained to track who views or edits a file. 
If images are ever transferred to another clinic or hospital, they\u2019re sent through secure, encrypted channels rather than ordinary email or removable drives.<\/p>\n\n\n\n<p><strong>4. Who can access my eye-care records?<\/strong><br>Access to your records is strictly limited to those directly involved in your care. That typically includes your ophthalmologist, optometrist, or surgical team, along with support staff who handle scheduling or billing. Everyone who handles patient information is bound by confidentiality agreements and data protection training. Administrative staff might see your name or appointment details but won\u2019t have access to diagnostic data or clinical notes. If your care involves other healthcare professionals\u2014say, a GP or hospital consultant\u2014data is shared securely and only with your consent or where necessary for continuity of care.<\/p>\n\n\n\n<p><strong>5. Can my data be shared with other healthcare providers?<\/strong><br>Yes, but only when it\u2019s necessary to ensure seamless medical care or when required by law. For example, your eye surgeon may share imaging results or surgical outcomes with your GP or referring optometrist. Any such exchange is done via secure NHS mail or encrypted file transfer systems, not standard email. You\u2019ll usually be informed whenever your information is shared, and you have the right to request a copy of what\u2019s been sent. Clinics are not allowed to sell, trade, or share your data with third parties for marketing or commercial purposes under any circumstances.<\/p>\n\n\n\n<p><strong>6. What happens if there\u2019s a data breach at an eye clinic?<\/strong><br>If a clinic experiences a data breach\u2014whether that\u2019s unauthorised access, accidental loss, or system compromise\u2014they are legally required to act immediately. The incident must be reported to the Information Commissioner\u2019s Office (ICO) within 72 hours, and affected patients are notified as soon as possible. 
The clinic will investigate how the breach occurred, take measures to prevent further incidents, and may retrain staff or upgrade systems where necessary. Transparency is a legal obligation in such cases, so you\u2019ll be told exactly what happened and how your data is being safeguarded going forward.<\/p>\n\n\n\n<p><strong>7. Can clinics use my scans or records for training or research?<\/strong><br>Only with your explicit permission. Clinics sometimes contribute anonymised scans or case details to research studies, medical conferences, or internal training sessions. In these cases, personal identifiers such as your name, date of birth, and contact details are removed. You\u2019ll always be asked to sign a consent form explaining what your data will be used for and whether it might be published. If you decline, your information will simply not be included. Refusing consent will never impact your treatment\u2014it\u2019s entirely your choice.<\/p>\n\n\n\n<p><strong>8. How can I check if my clinic follows GDPR rules?<\/strong><br>Every legitimate eye-care provider that handles personal data must register with the <strong>Information Commissioner\u2019s Office (ICO)<\/strong> as a \u201cdata controller\u201d. You can check the ICO\u2019s public register online by entering the clinic\u2019s name or postcode. This register lists the type of data they handle and their reasons for processing it. You can also review the clinic\u2019s privacy policy on their website\u2014it should clearly outline how they manage patient information, how long they retain it, and what rights you have. If any of this is missing, it\u2019s a sign that the clinic\u2019s compliance needs reviewing.<\/p>\n\n\n\n<p><strong>9. Will AI and digital tools affect my data privacy?<\/strong><br>Artificial intelligence and tele-ophthalmology are becoming more common, but they still fall under the same data protection laws. 
If a clinic uses AI tools to analyse scans or assist in diagnosis, they must tell you. You also have the right to request a human review of any automated decision that affects your care. The systems used must be secure, and data processed by AI should be anonymised whenever possible. Responsible clinics only work with AI providers that meet UK GDPR standards and have transparent privacy frameworks to prevent unauthorised use of patient data.<\/p>\n\n\n\n<p><strong>10. What should I do if I believe my data has been mishandled?<\/strong><br>Start by raising your concern directly with the clinic. They are required to have a Data Protection Officer (DPO) or a designated contact who handles such matters. Explain what you believe went wrong and request a written response. If you\u2019re not satisfied with the outcome, you can escalate the issue to the Information Commissioner\u2019s Office (ICO), which oversees all data protection matters in the UK. The ICO can investigate and, if necessary, issue fines or corrective actions against the organisation. Remember, your privacy rights are legally protected\u2014you never have to stay silent if something feels off.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Final Thoughts<\/strong><\/h2>\n\n\n\n<p>Eye care today is powered by data \u2014 from the first retinal scan to the final outcome measurement. But with great data comes great responsibility. The good news is that in the UK, strict laws, advanced technology, and strong professional ethics all work together to keep your information secure.<\/p>\n\n\n\n<p>At <a href=\"https:\/\/www.londoncataractcentre.co.uk\/\">London Cataract Centre<\/a>, every step of the patient journey \u2014 from consultation to post-operative care \u2014 is managed with complete transparency and data protection in mind. 
The clinic follows GDPR-compliant processes, uses secure digital systems for imaging and consent, and ensures only authorised clinicians handle patient data.<\/p>\n\n\n\n<p>So the next time you visit your ophthalmologist or optometrist, remember: your records are part of a tightly regulated framework designed to protect you. And if you ever want to know more about how your data is managed, just ask \u2014 the law and your clinic are on your side.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>References<\/strong><\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Information Commissioner\u2019s Office (ICO). (2024) <em>Guide to the UK General Data Protection Regulation (UK GDPR).<\/em> Available at: <a href=\"https:\/\/ico.org.uk\/for-organisations\/uk-gdpr-guidance-and-resources\/\">https:\/\/ico.org.uk\/for-organisations\/uk-gdpr-guidance-and-resources\/<\/a> (Accessed: 9 November 2025).<\/li>\n\n\n\n<li>UK Government. (2018) <em>Data Protection Act 2018.<\/em> Available at: <a href=\"https:\/\/www.legislation.gov.uk\/ukpga\/2018\/12\/contents\">https:\/\/www.legislation.gov.uk\/ukpga\/2018\/12\/contents<\/a> (Accessed: 9 November 2025).<\/li>\n\n\n\n<li>NHS Digital. (2023) <em>Data Security and Protection Toolkit.<\/em> Available at: <a href=\"https:\/\/www.dsptoolkit.nhs.uk\/\">https:\/\/www.dsptoolkit.nhs.uk\/<\/a> (Accessed: 9 November 2025).<\/li>\n\n\n\n<li>Royal College of Ophthalmologists. (2022) <em>Clinical Data Management and Patient Confidentiality in Ophthalmology.<\/em> London: RCOphth.<\/li>\n\n\n\n<li>General Medical Council. 
(2024) <em>Confidentiality: Good Practice in Handling Patient Information.<\/em> Available at: <a href=\"https:\/\/www.gmc-uk.org\/ethical-guidance\">https:\/\/www.gmc-uk.org\/ethical-guidance<\/a> (Accessed: 9 November 2025).<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>When you visit an eye clinic, you\u2019re not just handing over your sight for assessment \u2014 you\u2019re also sharing some of your most personal information. Every scan, consent form, and medical note becomes part of a larger digital record that needs to be stored, protected, and sometimes shared responsibly. Under the UK\u2019s General Data Protection [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2620,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3518","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/posts\/3518","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=3518"}],"version-history":[{"count":1,"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/posts\/3518\/revisions"}],"predecessor-
version":[{"id":3519,"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/posts\/3518\/revisions\/3519"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/media\/2620"}],"wp:attachment":[{"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=3518"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=3518"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londoncataractcentre.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=3518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}