GP leaders warned that the moves could put patients at risk if they piled more bureaucracy on top of the heavy workloads already faced by practices.
Following an overhaul of regulations, from 1 February the information commissioner's office (ICO), will be able to carry out compulsory audits to assess data protection by organisations including GP practices.
Previously the the ICO was only able to force these checks on government departments.
NHS organisations including GP practices found to be in breach of data protection laws have faced heavy fines. GP reported in 2013 on campaigners warning that practices could face fines of up to £500,000 for breaching data protection rules, and the ICO has issued fines totalling £1.3m to NHS organisations.
However, a spokesman for the ICO confirmed audits were intended to flag up problems with data protection before a breach occurred, and their findings could not trigger a fine. He added that all practices would not be inspected as a matter of routine, and that audits could be triggered by concerns raised about a practice or other factors.
GPC deputy chairman Dr Richard Vautrey warned that the move must not leave practices facing yet more bureaucracy.
'GPs and practices take confidentiality and the appropriate handling of patient data very seriously,' he said. 'That's why we've been so concerned over the years about various government IT schemes that could undermine the confidence patients have in their GP.'
'We would need to see the details of any proposed audits the ICO planned to use, but they need to be very careful not to add yet more to the already heavy workload burden on practices and therefore make it even more difficult to provide good quality care to patients.
'The last thing practices want is CQC calling on Monday, the NHS England area team ringing on Tuesday, the CCG demanding attendance at a meeting on Wednesday and then the ICO requiring an audit to be done on Thursday, as the result of this regulatory burden could be having to handle a GMC complaint on Friday because patient care was compromised.'
Audits by the ICO can look at how organisations handle patients' personal information, security of data, records management, staff training and data sharing.
Information commissioner Christopher Graham said: 'The Health Service holds some of the most sensitive personal information available, but instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern.
'Time and time again we see data breaches caused by poor procedures and insufficient training. It simply isn’t good enough. We fine these organisations when they get it wrong, but this new power to force our way into the worst performing parts of the health sector will give us a chance to act before a breach happens. It’s a reassuring step for patients.'
*This story has been amended following a clarification from the ICO that problems with data protection uncovered in compulsory audits cannot lead to a fine.