GDPR: Please don’t panic!
The GDPR deadline has passed, but over the last few months we have all had a mammoth number of emails hit our inbox, as organisations desperately try and get our consent to be communicated with.
Firstly, if you don’t feel you’ve met GDPR requirements, don’t panic. GDPR is a data journey that doesn’t end with the deadline. Therefore, there is still time to get up to scratch and avoid hefty fines.
Evidence suggests that there is still a lack of understanding of exactly how GDPR works, with many thinking any type of data requires consent.
For example, the following text message has been sent by some NHS Trusts: “The law is changing and we must get explicit permission from patients when using their data. To continue to receive SMS text messages reply START”.
But this is simply not the case. Communicating accurate, essential information is absolutely fine. For example, text message reminders about appointments do not require explicit consent. Also the NHS uses a different lawful basis for processing personal data.
Another main element of GDPR is data security. Whether this be robust systems that store data and prevent breaches; ensuring data is always accurate; knowing exactly where all information on each individual is stored; or that it is shared on a need to know basis. This is why the digitalisation of NHS systems is so important. Ensuring data on each contact is held in one central point, allows you to update easily; delete quickly when appropriate and limit access to only the people who need it.
If you want more detailed information about GDPR and the NHS please don’t hesitate to talk to get in contact. We can also talk to you about the digitalisation of patient records. It’s also worth looking at our web page about digitalisation of records
There is also a new webinar we’ve hosted in conjunction with the ICO which gives a good over view of requirements: