What is GDPR?
General Data Protection Regulation
On May 25th 2018 the data protection Act (1998) will be superceded by the Data Protection Regulation (GDPR). It will become the new legislation on personal data. It will have similarities to the previous Data Protection Act however, there are new implications, deadlines and definitions.
What GDPR will mean for Patients/Staff
Your Data:
- must be processed lawfully, fairly and transparently.
- collected for specific, explicit and legitimate purposes.
- must be limited to what is necessary for the purposes for which it is processed.
- must be accurate and kept up to date.
- must be held securely.
- It can only be retained for as long as is necessary for the reasons it was collected.
Patients/Staff Rights
- Being informed about how their data is used.
- To have access to their own data.
- To ask to have incorrect information changed.
- To restrict how their data is used.
- Move their patients/staff data from one organisation to another.
- To object to their personal information being processed (in certain circumstances).
- To withdraw consent at any given time
The Main Changes
- Consent – removal of implied consent
- Higher levels of accountability on data controllers (the practice) to protect information held and how that data is shared
- Introduction of a Data Protection Officer for the practice, who will monitor compliance and ensure an adherence to the new legislation
- Fines for non-compliance of the legislation, or for serious data breaches, will increase – up to €20million or 4% global annual turnover (whichever is highest)
- All serious data breaches must be reported to the Information Commissioners Office within 72 hours
- Fines for accessing patient information have been removed
What is Personal Data?
This is any information relating to an identified living person (data subject) i.e. name, address, date of birth, NHS number, NI number, ethnic origin, medical history, political origins, religion, sexuality etc.
What is Consent?
Consent is permission granted from patients/staff – an individual’s consent must be:
- Freely given
- Specific and informed
- Indication of his/her wishes by which the data subject (patients/staff) agrees to relevant personal data being processed.
The changes in GDPR mean that we must get explicit permission from patients/staff when using their data. This is to protect your right to privacy and we may ask you to provide consent to do certain things like contact you or record certain information about you in your clinical/staff records.
Individuals have a right to withdraw consent at any time.
You can read our privacy statement here or contact the Business Manager at warnoccgspringhillmc@nhs.net