GDPR makes organisations more accountable for collecting, storing, and disposing of personal information and gives more control to individuals over how their personal data is used.
You should review and enhance your data protection risk management procedures to help prepare for the new legislation.
Here’s a short overview of what has changed and what you need to do for compliance:
Here is an overview of what has changed and what you need to do for compliance
· All team members should be aware of the data protection law changing.
· Everyone is responsible for data protection
· Strict safety and security measures should be in place for:
· Make changes to your website.
· Become accountable for the information you hold.
· Start by making an inventory of all the personal data you hold on team members and customers.
· Determine your legal basis
· Review and enhance your privacy notices for team members & customers
· Be aware of personal privacy rights changing
· Individuals have the right to access their information without charge and within one month of the request.
· Decide if you should get consent for:
- Text message reminders
· Data protection breaches must be reported within 72 hours to your DPA, unless the data was anonymised or encrypted
· Mitigate risks using data protection impact assessments
· Use privacy by ‘design and default’ approach on everything you do.
· Appointment a Data Protection Officer if you are required to do so.
It is important to keep the GDPR changes in perspective. The intention is not to paralyse businesses in general and dental practices in particular, so our message is stay grounded, make some changes, take the actions outlined and be vigilant with respect to privacy and data protection.
It is clear that this is an evolving situation and no one, not even the Data Protection Authorities have all the answers to GDPR and its’ implications
We will continue to evolve our thinking as new information becomes available and will keep you informed of any changes as they become apparent.