The new GDPR legislation affects every organisation that holds a large amount of personal data, and that of course includes the NHS.
GDPR supersedes existing NHS data protection guidelines and NHS interpretations of the Data Protection Act 1998 and will be a significant burden at least in the coming 12-24 months.
All healthcare organisations handling patient data will have to demonstrate GDPR compliance by May 2018 and failure to comply can result in a hefty fine (in the most serious cases up to €20m or 4% of an organisation’s total annual worldwide turnover) and loss of reputation. Will you be ready?
Prepare your organisation and your workers for the GDPR and data protection changes with our range of online data protection learning courses.
Under the GDPR, most healthcare organisations will need to have certain roles in place, such as a Data Protection Officer (DPO), who will take responsibility for data compliance and data protection.
The DPO will have to revise and update information governance policies and address accountability and reporting procedures and healthcare bodies will have to demonstrate how they are complying with the new law, keeping records of all data processing activities (including deletion).
Data breach notifications will be a legal requirement and must be reported within 72 hours and patients will be able to access their records free of charge and the rules around consent now err heavily in the favour of the patient, who will now have the right to data portability. In addition, high-risk processing activities will need a data protection impact assessment.
Nowhere is data being used more innovatively than the NHS but this means that the careful handling of patient data is extremely important. The public must be able to depend on their data being handled securely, yet information needs to be shared safely and efficiently to continually improve healthcare services.
Do you have a question?
Whether it’s a technical question or a sales enquiry, our helpdesk and sales teams will be happy to help.