GDPR - are you ready?

25th May 2018 is approaching quickly, so now is the time to ensure your practice's data is GDPR compliant. I may have been boring everyone in the office about this, but it is essential that we get compliant and that the third-party companies we work alongside are compliant too. I am not going to cover every point of GDPR in this blog, as the legislation is vast in its detail.

The GDPR (General Data Protection Regulation) was designed to harmonise European data privacy laws, to protect the data privacy of all EU citizens and to improve the way organisations approach data privacy. Regardless of Brexit, GDPR will apply to your health business, so it is essential that you understand what it is and how it will affect you. If you are not compliant, you could face a hefty fine of up to 4% of your practice's annual turnover!

The new regulations are essentially a replacement for those created under the Data Protection Directive (officially Directive 95/46/EC), taking into account the technological and legal changes of the past 20 years, such as cloud hosting, social media platforms and messaging services.

According to the GDPR website, the regulations apply to personal data. This includes names, photos, email addresses, bank details, posts on social networking websites, medical information and computer IP addresses. After the deadline, an individual has the right to know what data companies and organisations hold on them, and those companies and organisations can no longer charge for the right to access this data.

For therapists in private practice, it is vitally important to ensure that you collect and store confidential data and client contact data in accordance with GDPR. This does not mean that you should discard any data that was not gathered with a GDPR-compliant process, but you must contact those individuals again to request the appropriate consent. If you work with children, you will need to gain parental or guardian consent in order to process their data lawfully.

Furthermore, your staff will need to be trained on how to handle personal data. What can they do with it? How should they handle it? When should they delete it (or securely shred it)? The onus is on the company to train its employees properly so that they understand how they may obtain and use people's data.

Here at Munro Therapy Services, we are working diligently to become compliant. The Information Commissioner's Office has been running a series of blogs to help your business or practice get compliant:

https://ico.org.uk/for-organisations/health


James Munro

Munro Therapy Services