GDPR has been talked about throughout the industry over the last year, and more so recently as the deadline comes closer and our inboxes have become inundated with ‘stay subscribed’ emails. With a deadline of 25th May 2018, it is important to understand GDPR not only from a business point of view but also as a customer, to ensure your data stays safe and you are complying!
What exactly is GDPR?
The EU’s General Data Protection Regulation (GDPR) was introduced to ensure all data is protected, meaning all data laws are applied identically in every country within the EU. This will then protect EU citizens from organisations using their data irresponsibly and puts them in charge of what information is held, where it’s held and how it’s used and shared.
How do the new data regulations affect you?
Working in the medical industry we hold a lot of data, from personal data such as name and email address to sensitive data including allergies, past procedures and blood types. It is therefore important that we are clued up on how it is managed. The ICO (Information Commissioner’s Office) has developed a 12-step guide to ensure those holding data within the EU are abiding by the rules.
Awareness – understanding what GDPR is. Ensure you have a good understanding of your data and how it’s managed. Once you have this, it is important you share this information with all your employees.
Information you hold – listing all of the information you currently hold, who you share it with and the journeys it takes.
Individuals’ rights – check all of your data processes so that they are in line with individuals’ rights.
Subject access requests – updating how you handle them. Ensure you know how to access your data should you need to.
Lawful basis for processing personal data – identifying the laws around your data and documenting it.
Consent – reviewing how you seek, record and manage consent when obtaining data from past, present and new customers.
Children – how you deal with parental consent regarding children (this may not necessarily be an area you need to be concerned with in medical aesthetics, as all of your patients should be over 18).
Data breaches – making sure you have the right systems in place to detect and report a data breach within the company.
Data protection by design and data protection impact assessments – familiarise yourself with the ICO’s code of practice on Privacy Impact Assessments.
International – determine your lead data protection supervisory authority if your company operates in more than one EU state.
You can view more information on the ICO’s 12 steps here.
The key point of GDPR is to be transparent about your customers’ data. It is important to be able to show a policy for how you store the data and to show the journey of the data collected.
Those who breach the data regulations will face a fine of up to 4% of the company’s annual turnover.
How do Cosmetic Courses abide by the new data laws?