▲ 6 r/gdpr
Private hospital medical records removal in the UK
I had surgery at a private hospital (self pay) in the UK over 8 years ago. The hospital's privacy policy is vague: "we'll keep medical records as long as necessary for regulatory and legal reasons"
I understand that minimum recommended retention period is 8 years. But beyond that they can keep it for as long as they want. However, they are also required by GDPR to keep it for only as long as necessary.
So I find it hard to understand how they decide the "as long as necessary" retention period. Does the hospital unilaterally decide this? Is it legally possible for me to force them to delete it after 8 years?
u/Due-Meeting-9567 — 6 days ago