The biggest change is just around the corner…



GDPR was designed to harmonise personal data privacy laws across Europe, to protect all EU citizens data privacy and to reshape the way organisations approach data privacy.


What makes up personal data?
Personal data means any information relating to an identified or identifiable person, no matter how it is captured and store – so personal data on computers, tablets and including paper files will be caught by the new regulation.


What happens if I am not compliant with the new regulation?
Punitive compensation damages. Anyone caught misusing personal data will be fined, and this could be very punitive indeed. It just isn’t worth it. Take the time now to make sure that you are GDPR compliant and protect your practice and your patients’ data for the future.


What do I need to do to be compliant?
Take a look at our step by step guide here. This will walk you through the key steps you need to take to be ready for the 25th May and beyond. This doesn’t have to be an admin horror story!!


Critical Points

  1. You need to audit what personal data your clinic collects this doesn’t just catch medical records, but includes for example an analysis of marketing data and HR data
  2. In order to use personal data and in particular sensitive data, such as medical data you need to show: Explicit consent
    • Vital interests of patient – this is say for reasons of their health
    • Necessity to establish or defend a claim – i.e. medical records
  3. The Information Commissioners Office wants businesses to be under an obligation to spell out what data they collect, what they do with it and stick with what they have told the consumer. The key points are:
    • Right to be Informed – patients understand how data is stored and used
    • Right of Access – patients have the right to obtain access to their data.
    • Right to Rectification – patients have right to correct their information
    • Right to Erasure – data can be held only for as long as is necessary, but no requirement to delete if held for a defence claim
    • Right to Object – stop receiving direct marketing
  4. Clinics process special category data and need to have documentation on processing activities, data protection policies, staff training and HR policies. Implement measures such as:
    • Data minimisation & transparency
    • Access levels, erasure & correcting
    • Improving security features on an on-going basis
  5. Data Breach – such as loss of a health record due to lack of appropriate controls.
    Reporting time scales are short and therefore require robust detection, investigation and reporting procedures to be in place.


  6. Consentz is at the forefront for developing its software and legals to be prepared fully for GDPR. Have a look around our website and get in touch, we’re here to help.


    Download our Guide here.