Privacy and Cookies policy

The Medical Practitioners Tribunal Service (MPTS) is a statutory committee of the General Medical Council (GMC). We are accountable to the Council of the GMC and the UK Parliament. The MPTS operates separately from the investigatory role of the GMC but the GMC is still the data controller for personal data processed by the MPTS.

The aim of this privacy notice is to help you to understand how we use personal data at the MPTS. This is an overview of how we use information.

You can find a privacy notice explaining how the GMC uses personal data for other purposes on the GMC website.

We take our responsibilities as a data controller very seriously and are committed to keeping information secure. We are accredited to international information security standards and protect our IT infrastructure in line with industry standards and good practice.

Tribunal hearings and sanctions information

Why we hold it

We are required under the Medical Act 1983, to be provided with information for the purpose of determining whether a doctor’s fitness to practise may be impaired or is impaired.

We are responsible for ensuring that decisions made by the interim orders tribunal (IOT) and the medical practitioners tribunal (MPT) are reflected on the LRMP.

What we hold

We hold information about decisions taken by medical practitioners tribunals and interim orders tribunals. We hold information about patients, including medical records, where it has been provided as part of the purpose of determination. We hold information about doctors’ health and criminal convictions where it is relevant to the concern that we’re considering.

We have the power to require the disclosure of medical records if necessary.

How we share it

The Medical Act requires us to share information about decisions made by the IOT and the MPT with employers and the Department of Health.

All fitness to practise sanctions are published on the doctor’s record on LRMP. Further information about hearings and sanctions issued by a tribunal is published on our website. You can find more information about how we publish Fitness to Practise information, including relevant time periods, in the GMC’s publication and disclosure policy.

We disclose tribunal hearing bundles to the Disclosure and Barring Service in line with our duties under the Safeguarding Children and Vulnerable Groups Act 2006.

We share information about recent sanctions with bodies in the UK and abroad who have a legitimate or statutory interest in this information.

We have contracts with other organisations (or Third Parties) to carry out certain activities or services on our behalf. If we need to share information with them we make sure that:

  • They are only provided with the information they need to carry out the service.
  • They agree not to use the information received from us for any other purpose than those specified by us.
  • They have the proper systems in place to protect personal data.

Consultations

What we hold

We run consultations on a range of topics related to our regulatory functions. As part of the process we record the names and contact information of respondents, as well as their answers.

Why we hold it

We hold this information so that we can carry out research and analysis of the responses, and keep in touch with respondents about the outcome of the consultation. We ask respondents for their email addresses so that we can confirm registration on our consultation site, contact them if they forget their password and notify them of any upcoming consultations that are in line with their interests, where they have asked us to do so.

How we share it

At the end of the consultation process, we will publish reports explaining our findings and conclusions. We won’t include any personally identifiable information in these reports, but may include illustrative quotes from consultation responses. We may also provide responses to third parties for quality assurance or to approved research projects, which are anonymised before disclosure where possible.

Retention periods for personal data

Our records retention schedule explains how long we will keep personal data for.

Website data and analytics

We use cookies on our website. More information about what we collect on our cookies page.

Your rights

You have the right under data protection legislation to access and control the information we hold about you, although there are also exemptions from those rights. Below is information on your rights and details of what to do if you have a question.

Accessing your data

You are entitled to request a copy of the personal data we hold about you. To do this, you can email FOI@gmc-uk.org. We will usually respond within one month, but if the request is complex or involves large amounts of data we have up to three months to respond.

There is usually no charge for making a request, but we have the right to request a fee if the request is unfounded or excessive.

In some cases we do not have to provide a copy of the data because an exemption applies. This is likely to be because:

  • The data is also the personal data of another person and it would not be reasonable to disclose it to you without their consent.
  • Disclosing the data would prejudice our regulatory functions, for example by making it difficult for us to conduct a fair fitness to practise investigation.
  • Disclosing your data would impair research being conducted by or on behalf of the GMC.

Controlling how we use your data

You have the right under the General Data Protection Regulation to control how we use your data, by asking us to delete it or limit how we use it. To do this you can email DPO@gmc-uk.org.

But there are some exemptions we want you to be aware of. If we are using your data to carry out our statutory functions, we don’t have to delete personal information. That’s because there are strong public interest and patient safety grounds for us to process personal data which we need to carry out our role.

We do not have to delete information or stop using it for research purposes if doing so would impair our research objectives.

Our contact details

The data controller for the processing described in this policy is the General Medical Council. The Data Protection Officer is Andrew Ledgard. You can contact our Data Protection Officer by emailing DPO@gmc-uk.org.

Our data protection policy is also available.

Complaints

If you are unhappy about how we use your personal data, you have the right to complain to the Information Commissioner’s Office. You can find out more about this at www.ico.org.uk