The key personnel in your organisation should be aware that data protection laws have changed. Team members should have UK GDPR training provided by the practice.
A key person should be appointed to take overall responsibility for complying with UK GDPR and for ensuring data protection has a very high priority within the practice or organisation.
Practices should review and enhance their risk management processes and record their actions.
You should think about what could cause a data breach or security problem in the practice and what you could do to reduce the risks of a breach.
Think about the risks relating to paper records and electronic records and how you can mitigate these risks.
- Do not leave people’s information out on your desk
- Do lock filing cabinets
- Do not leave data displayed on a screen (use a screensaver)
- Do not leave your computer logged on and unattended
- Do change your password frequently
- Do not choose a password that’s easy to guess
- Do not give your password to anyone, ever!
- Never send anything by fax or e-mail that you wouldn’t put on the back of a postcard
- Do not disclose any personal information without the data subject’s consent or verifying the enquirer (e.g. phone the police officer back via the station switch board)
And finally, …
Never put anything on email that you don’t want to see on the front page of the Daily Mail because…
The internet never forgets!
- Make a list of all the things in your practice that could cause a data protection breach or a security issue. Then add the risk involved and what you have done or need to do to mitigate the risk. This risk assessment is your first step in being able to demonstrate that you are working towards compliance with UK GDPR requirements
- All practices should ensure they have a clear, robust, binding written contract with their practice management software suppliers and all other external data processors that ensure they comply with UK GDPR.
- Who can hear your phone call?
- Who are you actually talking to?
- Do they really need to know?
- Who can see your PC screen?
- Where does waste paper go?
- Provide training to all team members
- Appoint a key person for data protection responsibilities
- Risk assess the current data protection compliance
- Enhance the data compliance policies and procedures
- Make a list of all the things in your practice that could cause a data protection breach or a security issue
- Have robust contracts with practice management software suppliers and all other external data processors that ensures they comply with UK GDPR.