What is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) and to replace the existing EU Data Protection Directive on May 25, 2018. It is intended to enhance and harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
Who does GDPR apply to?
The GDPR applies to all organisations operating in the EU or processing “personal data” of EU residents. It defines personal data as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
The BCMA and GDPR
Who does GDPR apply to?
As a data controller/processor, you will need to be registered with the ICO.
We are not qualified to give you specific advice for your business and encourage you to check the ICO Website for detailed information. They have even created a specific help page for those working within health and holding patient information, which you can check out here. If you still have questions, then we encourage you to contact the ICO or seek the help of a professional.
GDPR: some of your questions answered
Where can I find out more information about GDPR?
Go to https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ and read the information.
What has BCMA got to do with GDPR?
We at the BCMA believe that the protection of our members’ and their patients’ data is fundamental. It is our intention to be fully GDPR compliant by 25th May 2018. We encourage all our members to be GDPR compliant. We are happy to answer any questions on compliance to the best of our ability but would direct you to the ICO Website for detailed information or to ask a Data Protection Expert if you need further assistance.
Do I need to get Patient consent?
You are not required to automatically ‘repaper’ or refresh all existing DPA consents in preparation for the GDPR. But if you rely on individuals’ consent to process their data, make sure it will meet the GDPR standard on being specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn. If not, alter your consent mechanisms and seek fresh GDPR-compliant consent, or find an alternative to consent.
Do you store cookies?
Which third party cookies do you use?
We use Google Analytics to collect anonymized data about visitors to this site. We use this data to improve visitor experience, and to help us make the site better and attract more visitors. Google Analytics records:
The website the visitor came from to get to this site.
The kind of computer they are using (Windows, Mac, etc., as well as information like screen resolution and web browser).
The visitor's general location (e.g. London, United Kingdom).
Where the visitor clicked on the site and how long they stayed for.
In using Google Analytics, we are bound by the Google Analytics Terms of Service.