- Posted Wednesday May 9, 2018
The General Data Protection Regulations (GDPR) come into force on 25 May 2018. To help GP practice managers prepare, we’ve added a wide range of documents to our Policy Library and GDPR Toolkit for members. Here, our anonymous blogger shares an update on their preparations for GDPR…
Along with several other colleagues in the area, I recently attended a training course on the General Data Protection Regulation by primary care trainers Thornfields and now feel a lot more prepared for the changes.
As a surgery, we had decided to wait for the training before getting an action plan in place, whereas others have already started putting things in place, but continually altered plans as they heard something new.
Of course, I had concerns before the course but as things went on in the meeting I realised that we already had a lot of what we needed in place and that any changes were manageable with good planning and the right resources in place.
The fear factor seems to be something we all work on - “What happens if…?” We have now set up a list of things that need doing and will tackle them in a timely manner.
Although a lot of what we see states the changes are to be in place by May 25th, it really means that action plans and changes need to be evident - it can be a work in progress, providing one uses the common sense to take care of their data - as we all do now.
The following article was run on the NHS Network news and is a little light relief. Enjoy if you have not read!
In the consulting room: a mild case of GDPR
In which we establish an evidential link between data protection legislation, headaches and depression in general practice...
GP: What can I do for you today, Mrs Smith?
Patient: How did you get my name?
GP: The receptionist told me before she buzzed you in
Patient: I don’t remember giving her permission to share my details with a third party
GP: It’s her job to tell me who you are
Patient: She didn’t obtain my explicit consent
GP: It was probably an oversight, madam
Patient: Madam? Why is my gender relevant?
GP: It may or may not be. It depends why you’re here
Patient: Well, I’ve not been feeling myself recently
GP: I see. I understand you’ve been having a lot of headaches
Patient: And you obtained that information how, exactly?
GP: It’s all on your health record
Patient: Did I consent to this use of my data?
GP: We need the information to treat you
GP: She may have presumed that if you made an appointment, came to the surgery and sat in the waiting room for half an hour that you wanted to see a doctor
Patient: You can’t rely on presumption. I should have been given a clear opt-in
GP: Do you want to see me or not?
Patient: That’s my business. I’m not obliged to disclose a preference either way
GP: This is ridiculous. We’re getting nowhere here
Patient: What are you writing about me? I demand to see it
GP: I’m writing a prescription. Take it to the pharmacy and they’ll give you something that will help
Patient: That’s outrageous. The pharmacist may be able to identify me
GP: We’re going round in circles
Patient: What are you going to do about my headaches?
GP: They’re perfectly normal. You’re suffering from a mild case of GDPR. It may seem painful now but you should make a full recovery by early June
Patient: So I don’t need to do anything?
GP: No, just get plenty of rest and try to avoid processing any sensitive data
Patient: Thanks for putting my mind at rest, doctor
GP: Why are you using my professional title when it isn’t relevant to your stated use of my data?
Patient: I’m very sorry
GP: Don’t mention it – you have a right to be forgotten. Would you mind opting yourself out?
Data controller: Julian Patterson - @jtweeterson
First Practice Management members can access tools and documents that present GDPR in clear and straightforward terms, with resources including a sample Data Map and Privacy Impact Assessment available in our GDPR toolkit area and Policy Library