28th September 2017

EU General Data Protection Regulation (GDPR) – An Introduction

As all the marketing emails you have been receiving indicate, you need to prepare for the EU General Data Protection Regulation. The “GDPR” will be in force from 25 May 2018 – that is in about eight months from now! Whatever format emerges for Brexit, it is not expected to have any impact on the requirements of this new legislation, which is anticipated to apply for the foreseeable future.

GDPR will replace the 1998 Data Protection Act. It brings important changes to the law governing the management and use of service user data. Your service will need to take sufficient time to understand, plan, prepare for and implement the necessary operational changes. Customers of QCS will have access to policies and procedures that will support these changes.

These imminent changes to data protection legislation are significant and cannot be ignored. Nor, on a practical level, should they be left until the last moment if you want to stay in control of your service compliance.

The Major Impacts of GDPR

So, what are the major impacts overall and day-to-day for your service, recognising that some will apply on a more regular basis than others?

In summary:

  • All organisations will be obliged to demonstrate that they comply with the new law.
  • There will be tighter rules where consent is the basis for processing (data).
  • There will be significantly increased penalties possible for any breach of the Regulation – not just data breaches.
  • Data protection issues must be addressed in all information processes.
  • There will be a legal requirement for security breach notification.
  • There will be specific requirements for transparency and fair processing.
  • There will be a requirement to remove charges, in most cases, for providing copies of records to service users or staff who request them.
  • A Data Protection Impact Assessment will be required for high-risk (data) processing.
  • There will be a requirement to keep records of data processing activities.
  • The appointment of a Data Protection Officer will be mandatory for all public authorities. *

*https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/accountability-and-governance/ See section: Further reading from the Article 29 Working Party which contains helpful guidance and FAQs

Information Governance Alliance

Information now available via NHS Digital provides details of the subject-by-subject guidance due to be published by the Information Governance Alliance (“IGA”). The first is already available and is a good introductory read which will help services begin to prepare strategically in the first instance: Changes to Data Protection legislation: why this matters to you (CEO briefing on GDPR and Accountability for Data Protection) https://digital.nhs.uk/article/1414/General-Data-Protection-Regulation-guidance

What Will the GDPR Mean for Your Organisation?

This will be followed by focused blocks of information that will inform services about how you will be affected. These are expected to be:

  1. Data protection accountability and governance
  2. Privacy by design and default
  3. Implications of the GDPR for Health and Social Care Research
  4. Health and Social Care Research: legal basis and safeguards
  5. Transparency, consent and subjects' rights
  6. Consent
  7. Pseudonymisation
  8. Personal data breaches and notification
  9. Profiling and risk stratification
  10. GDPR overview
  11. What's new and what changes

There is also a fairly recent newsletter (March 2017 IGA newsletter) and a webinar (GDPR webinar) for services to read and watch to provide early support in the face of such a significant piece of legislation.

The earlier you begin to understand what these changes will mean for your service and plan for them, the easier they will be to implement on time.

*All information is correct at the time of publishing

Leah Biller

General Practice Specialist

Leah has an extensive background in all aspects of healthcare including practice management. She is seen as someone to depend on to take on a challenge and turn it around for the better. After a short time in working with the law she moved on to healthcare in 1985 after a routine appointment at her local GP had her walking out as practice manager. That started her on the general practice trail and then into acute, primary and community as well as health regeneration plus a Master’s in Primary Care from QMUL graduating in 2003 as the only non-clinician on the four-year course.
