The EU General Data Protection Regulation (GDPR) came into force in the UK on May 25th, 2018. The scope of the changes under the new Regulation means that preparing for the GDPR will have been a high priority for the past 6 months. The workshop will explore the detail of the GDPR – it will look at what has been done within the practices, how they have done it, who is responsible – and will also assess what else they need to do or indeed what they can do differently. The second part of the programme will focus on the Data Protection Officer (DPO) – the role and its responsibilities, and how the DPO manages GDPR compliance for the practice.
Practices will need to carry out audits of the patient data and employee personal data that is collected and processed to ensure that it meets GDPR conditions for patient and employee consent. New governance and record-keeping requirements mean that you will also have to create or amend policies and processes on privacy notices, data breach responses and subject access requests. There is a much greater emphasis on compliance following a widely held belief that businesses up to now have not taken data privacy seriously enough. Possible penalties are considerably harsher and importantly now include small and medium businesses within the Public Sector. But remember, the new GDPR compliance requirements are not just about waving fines – they’re about realising that the data, upon which your business or practice is built, is managed in an appropriate, respectful, and lawful manner – and that the right levels of accountability and governance are applied by the practice.
There has never been a more important time to ensure that best practice is in place to secure patient and staff data, protect reputation and ensure compliance. A planned and structured approach is required to fully understand the necessary changes for both systems and user behaviour. And the role of the Data Protection Officer is pivotal to the GDPR compliance of the practice.