Data Protection and Retention

1. Legislative Background

This policy is intended to ensure that Meadow Lane Vets (the ‘Practice’) complies with the requirements of both the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

The legislation defines ‘personal data’ as “any information relating to an identified or identifiable natural person (‘data subject’)”.
“An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The GDPR does not cover information which is not, or is not intended to be, part of a ‘filing system’.
This means that any data that relates to an individual who is identified or identifiable, either directly or indirectly, from the data alone, or from the data in combination with other factors, is ‘personal data’. Both electronic data and manual ‘filed’ data are covered by the legislation.

Meadow Lane Vets collects, processes and stores ‘personal data’ and seeks to handle all such data in accordance with the relevant legal requirements.

The legislation also refers to ‘special categories of personal data’ and these require higher levels of protection. This means personal data about an individual’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (used for identification purposes), health data, sex life or sexual orientation. Information relating to criminal convictions and offences is also identified as requiring a higher level of protection.

Meadow Lane Vets will not collect, process or store any ‘special category personal data’ except in very specific cases. For example, data relating to a client’s health may be stored where this is necessary to ensure that we can provide an appropriate service to that individual. This might arise where a person’s health may affect their ability to visit the Practice safely. In such cases the individual must have given specific agreement to the information being recorded. The storing of such information must also have been approved by the Data Protection Officer. The Data Protection Officer must be satisfied that any such ‘special category personal data’ is appropriately protected.

2. Principles

  • We will only collect personal data that we require to carry on our business and to provide an appropriate, high quality, service to our clients.
  • We will not collect any personal data which is not required to carry on our business and to provide an appropriate, high quality, service to our clients.
  • Our Data Protection Officer will periodically review the data we hold and arrange for deletion of any data which is no longer required and which is unlikely to be required, for example in the event of future legal action involving the Practice or its staff.
  • We will use our best endeavours to ensure that data we hold is accurate.
  • We will not keep personal data for longer than we need it.
  • We will use ‘appropriate technical and organisational measures’ to, as far as reasonably practicable, ensure the security of personal data that we hold.

3. Data we collect, process, and store

We collect and keep personal data that our clients provide to us. This includes information that is provided when a client registers with Meadow Lane Vets or when a client joins our direct debit scheme. This personal data may include, for example:

  • Name, address, and telephone number.
  • Email address.
  • Bank account details.

We will normally collect this personal data verbally at the Practice, over the phone, in writing in the case of data provided in relation to the direct debit scheme or via our website. We may sometimes receive information via third parties, e.g., from another veterinary practice when a client joins us from that practice.
We also collect and keep personal data in relation to our members of staff.

4. Storage and protection of data

Most client data is stored on our secure computer system. Very little data is stored in hard copy form and any such data is stored securely at the Practice in areas away from public access.

  • Only members of staff who need to use this data for the purposes of running our Practice, or otherwise for the benefit of the animal concerned, may have access to this data. No member of staff should access any personal data for any other reason.
  • When collecting personal data in a ‘public’ environment such as the Reception Area staff should take all reasonable care to avoid that personal data being disclosed to other members of the public who may be in that area.
  • Data from the computer system is backed-up to a secure external server daily.
  • Contact will be made to the Practice if there is a disruption to server back-up, it is the Practice Manager’s responsibility to complete any necessary actions to rectify the issue.
  • All our computer terminals are password protected and staff should not leave computer terminals unattended whilst logged-in.
  • We collect and store data in hard copy form only when this is unavoidable and all such data is stored securely in areas of the Practice to which members of the public do not have access.
  • Where data does not need to be stored in hard copy form, including for example insurance claim forms, this data is scanned and stored electronically on a secure system and the hard copies are destroyed. The scanning process is normally carried out on a daily basis but may take up to 7 working days. The hard copy data is stored securely in areas of the Practice to which members of the public do not have access, until the scanning process has been completed and the documents can be destroyed.
  • All hard copies of consent forms and related documents, such as anaesthetic charts and hospital records, will normally be scanned onto the patients record on the PMS but, on occasions, some documents may be scanned onto a separate secure system. This will normally be carried out on a daily basis but may take up to 7 working days to complete. The hard copy data is stored securely in areas of the Practice to which members of the public do not have access, until the scanning process has been completed and the documents can be destroyed.
    Clients’ information from direct debit application forms is input to a secure on-line portal which can only be accessed by designated persons. Once that data has been inputted the hard copy data is destroyed.
  • The Practice Manager is responsible for monitoring the storage and handling of all data and information at the Practice.
  • Our website providers ensure that our website is appropriately secure.

Personal data relating our staff is stored securely in a locked cabinet.

  • Only specifically authorised members of staff are permitted to access the personal data of other members of staff. Such access is limited to that which is necessary for the carrying on of our business.

Any person found to be accessing or using any personal data for any improper or inappropriate purpose shall be liable to disciplinary action.


We will only store information for as long as we believe that it may be needed. How long it is stored depends on the specific information and what it is being used for.
We periodically review what information we hold and delete or otherwise destroy anything that is no longer required.
The Royal College of Veterinary Surgeons advises that records should be kept for as long as necessary, considering legal requirements, professional indemnity requirements and the potential need for clinical history in future care. The Royal College of Pathologists recommends that specialised reports, radiographs, and pathology results should be kept for at least 10 years, as these may serve as primary diagnostic evidence.
In accordance with best practice, we would normally retain clinical records for at least 10 years after the last entry.


This Data Protection and Retention Policy was updated on 18/05/2026.