
GDPR & General Practice: Ex-Practice Manager misused personal data

Two recent reports from the Information Commissioner’s Office (ICO) demonstrate the need for GP practice managers to stay compliant with GDPR and the Data Protection Act 2018.

A former GP practice manager has been fined for sending personal data to her own email account without authorisation. The former PM, who was working at a practice in Derby, admitted unlawfully accessing personal data and was fined £120, plus £364 costs.


Sharing Data with Third Parties

A second recent case involved Bounty, a pregnancy and parenting club that collected personal information as part of its membership registration process. However, the company also operated as a data broking service and shared some data with third parties.

Bounty was found to have breached the Data Protection Act 1998 and was fined £400,000 for sharing personal information without being fully clear with its members that it might do so. The personal information shared was not only that of potentially vulnerable, new mothers or mothers-to-be but also of very young children, including the birth date and sex of a child.


A Personal and Professional Risk

The potential risk to GP practices of a data breach, or simply not being clear about how we share personal data, can’t be overstated. The risk is both financial and to individuals’ reputations, as in the case of the practice manager who unlawfully accessed personal data.

Falling foul of these laws could lead to patients’ trust in their GP practice being undermined and result in some patients choosing to re-register elsewhere. It’s very important to be mindful and make sure your documentation is up to date – FPM members may find it useful to visit our GDPR Toolkit to look at the range of documents on offer.


The Cost of Breaching GDPR

It’s notable that both of the above examples were actioned under the DPA 1998, with its lower applicable fines. Due to the timing of the investigations, the maximum financial penalty for those involved in the cases was £500,000.

However, GDPR and the DPA 2018 have since given the ICO strengthened powers. Since 25 May 2018, the ICO has the power to impose a civil monetary penalty on a data controller of up to £17 million.

This means that any person or organisation who behaves similarly and breaches the new Data Protection Act could find it to be a far costlier error, so the need to be compliant and minimise the risk of potential breaches is critical.

Do you and your staff know how to stay compliant with Data Protection laws – and why it’s so important? Thornfields’ half-day GDPR training course can help you understand GDPR, its strategic drivers and its operational implications.


Comments

First Practice Management 24/04/2019

Hi Helen

Thanks for your comment - you can find out more information about this case at the link below:

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/04/former-nhs-manager-fined-for-sending-personal-data-to-her-email-account/

FPM

helen 17/04/2019

The PM in Derby one, not sure that I understand correctly, to me this reads that she was fined for using her NHS net email account for personal reasons, is that correct? Did someone blow the whistle or are we all being watched? Who would you need to get permission from to use your email address for personal reasons?

