- Posted Monday September 17, 2018
All organisations that regularly process EU residents’ personal data must comply with the new Data Protection Act 2018. GDPR has given patients new rights to know what GP practices are doing with their data, so it pays to be transparent.
All companies in the UK need to explain exactly why they are collecting personally identifiable information (PII), and use clear, accessible language to disclose the ways the data is being used - this is known as ‘full disclosure’.
You need to share:
- Which data is collected?
- How is the data collected?
- How is the data used?
- Is the data provided to any third parties?
Practices need to have a nominated Data Protection Officer (DPO) who is responsible for GDPR compliance. The DPO should report to the highest level of management and must be informed of all data protection issues within the organisation.
May 25 may have felt like the end of the GDPR journey for many as they worked on becoming compliant with the new regulation, but it remains an ongoing concern for all GP practices.
Tell us about the steps you have taken to be GDPR compliant by taking this short survey, and you could be in with a chance to win John Lewis vouchers courtesy of our friends at GDPR Manager.