Under the General Data Protection Regulation (GDPR), individuals (also known as Data Subjects) have a legal right of access to their personal data.

This includes access to their health records. 

Under General Data Protection Regulation (GDPR), a request must be met without delay and within one calendar month of receipt.

This can be extended by a further two months where the request is complex or where there are numerous requests.

If this is the case, the Data Subject will be contacted within one month of the receipt of the request and informed why an extension is necessary.

Under the old Data Protection Act, a fee could be charged for providing copies of health records.

GDPR allows most requests to be made free of charge.

However, a reasonable fee can be charged for further copies of the same information or when a request is manifestly unfounded or excessive, particularly if it is repetitive.

Any fee will be based on the administrative cost of providing the information.