General Practitioners & Primary Care Networks

GP regulatory and GDPR

Our expert team understands the political landscape within which you work and can help you meet your professional, legal and regulatory obligations.

We regularly support clients who are bidding for APMS and other contracts. These contracts are very long and complicated, and it is important that the terms and risks are fully understood before signing them, even if you are coming under pressure to sign quickly. Our understanding of the regulations and procurement process, combined with our experience of negotiating commercial contracts, means that we are able to focus quickly on what is, and what is not, negotiable.

DR Solicitors can also help you with keeping your CQC registration up to date, or in challenging a CQC report and responding to an enforcement notice.

GDPR, data protection, freedom of information, cyber-security – these buzzwords aren’t going away. In fact, there is an ever-increasing risk to a practice from failure to comply with the associated regulations and legislation, which are themselves something of a moving target. We have a specialist team of solicitors who can help you navigate the GDPR, advise on best practice and prevention and, when things don’t go according to plan, advise on how to put things right and limit the damage.

If you do find yourself being investigated by the police, CQC or ICO in relation to data and regulatory breaches, we can represent you.

Here are some of the ways we have helped GP practices:

  • challenging CQC decisions
  • representation at MPTS hearings
  • appealing against Fitness to Practise decisions
  • assisting with GMC registration applications
  • responding to data subject access requests
  • advising on GDPR and data protection
  • dealing with breach & remedial notices from NHSE
  • supporting LMCs in negotiations with NHSE


  • What to do if you receive a Data Subject Access Request
  • Very few GP practices have the time or resource to respond to a DSAR with 100% confidence, and with the use of DSARs as a litigation weapon increasing, it is important that you have robust, formal procedures in place to ensure:

    1. that all staff in the practice can recognise a DSAR
    2. that all data search, collation, redaction and removal processes are GDPR compliant
    3. that DPA exemptions are correctly applied
    4. all non-disclosable information is withheld
    5. any consents to disclosure are valid
    6. timeframes are strictly adhered to

    If in any doubt, seek specialist legal advice.

  • Steps to take to protect your DPO
  • If a breach of GDPR is attributed to a failure on the part of the DPO, they could pick up significant personal liability. This could be the case even if they can prove that they weren’t provided with adequate training or resources to carry out their role. What the DPO cannot be personally liable for is the partnership’s non-compliance with GDPR, which usually remains jointly and severally with the partners. Here are a few steps a practice can take to reduce risk:

    Partners should:

    1. undertake due diligence on a DPO’s competence and suitability to undertake their role – this should be done on a regular basis and a record kept
    2. provide the DPO with the resources and support they need to carry out their duties
    3. make sure they have a partnership deed in place which includes relevant indemnities

    The DPO should:

    1. regularly review whether they have the required training, experience, skills and knowledge to undertake the role
    2. consider whether they can advise the practice competently and confidently on complex GDPR issues



Key Contacts

Beth Lyon
