https://www.vetsurgeon.org/members/michael-88Michael Coe's recent activityen-USTelligent Community 10https://www.vetsurgeon.org/f/non-clinical-questions/26452/gdpr--general-data-protection-regulation---may-2018---michael-coeWed, 22 Nov 2017 12:16:08 GMT146601cc-3922-4be7-9974-7e1d4e45a66b:5b803955-4196-47ec-91b3-2a92948386b4Michael Coe<p>It&#39;s been interesting to read all the comments on here regarding the new GDPR regulation coming into force on May 25th 2018. The new regulation does raise some interesting thoughts and questions for everyone who has to deal with handling data.</p> <p>The new GDPR regulation covers far more than the previous Data Protection Act 1998, in terms of how we now use technology. i.e. Social Media,Marketing, CCTV,Telephone marketing, transferring of Clinical records / Clients records.etc</p> <p>The new legislation gives individuals more rights and controls over their &quot;Personal&quot; Data and how it is shared. This is one of the major changes that will come into force as of May 2018.</p> <p>Keeping this in mind, it is essential to get ready now and to start to put into place new systems; so that all individuals data is kept secure. The Regulation covers both Manual Filing systems and Electronic systems such as computers.[In terms of computers / lap tops / tablets etc these are classed as portable data and must also be secured appropriately under the GDPR regulation]</p> <p>The main changes are around the use of technology in business. This does include all social media, such as Facebook, Twitter, direct marketing, emails and telephone calls. [Plus CCTV if you have it installed in the Practice or other locations to do with your business].</p> <p>So if your team are like many others out there; posting pictures of clients pets and visits to the practice, practice pictures etc then under GDPR you will need the clients &quot;Consent&quot;.&nbsp;</p> <p>In terms of clinical records,these will be bound under GDPR and it will be necessary to get some form of &quot;Consent&quot; to transfer from the client. The &quot;Consent&quot; in this area is a little &quot;Grey&quot; as there is a &quot;legal duty&quot; under professional codes of conduct. I feel this is going to be one of the areas which may bring to light &quot;claims&quot; under the GDPR Regulation,as clients who have issues in practice; may deem their data as an individual, has been breached during &quot;Transfer&quot;. Again this is new territory in terms of potential &quot;legal claims&quot; being made, as there will be little test cases to go on at first.</p> <p>Legal issues may also revolve around those practices registered with the regulator and those not Registered. It is estimated that 1 million businesses are not registered for Data Protection with the Regulator. This may flag up issues of breaches under GDPR as documents are &quot;transferred&quot; from a regulated practice under the regulator to ones which may not be registered.</p> <p>The main changes around GDPR are greater legal responsibilities for the following areas:</p> <ul> <li>Consent</li> <li>legal duties of &quot;Controllers&quot; and &quot;processors&quot;</li> <li>Subject Access requests &nbsp;[ Time to respond]</li> <li>Individuals rights</li> <li>Lawful basis for processing data</li> <li>Hiring a Data Officer</li> </ul> <p>In terms of size of practice it is another &quot;Grey&quot; area as to whether a Data Officer is to be hired or outsourced to another company. In regards to outsourcing this does not diminish your legal responsibilities as such.</p> <p>This is new legislation and you and your teams are going to have to be prepared. Its introduction is not far off and it may take time for your systems and policies and procedures to be in line. One area to be considered is that &quot;Training employees&quot; in Data handling is also being enforced. It used to be a one off training programme under the Data Protection Act 1998; however GDPR regulations regarding training of employees has to be on going.&nbsp;</p> <p>Is this a nice to have type of policy and procedure in the practice?</p> <p>I would say this is just as important along the lines of having in place robust Health and Safety polices and procedures. For those who are non compliant then the fines for breaching the GDPR are a percentage of your business turnover / profit.</p> <p>It is time to get ready and ensure all of your teams are aware of the new GDPR Regulation coming into force.</p> <p>I hope this answers some questions but undertaking GDPR training and workshops are the best;as there are more in-depth aspects to be learnt in terms of legal obligations, placed on you.</p> <p></p> <p>&nbsp;</p><div style="clear:both;"></div>https://www.vetsurgeon.org/members/aeverard/activities/8b755a78-f0dd-4886-a298-9c4ed1d44cc9Tue, 20 Sep 2011 11:35:39 GMT146601cc-3922-4be7-9974-7e1d4e45a66b:8b755a78-f0dd-4886-a298-9c4ed1d44cc9