In January the U.K. Information Commissioner’s Office issued a guide to preparing for the new European Union General Data Protection Regulation (GDPR).

“The GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate their accountability,” it notes.

These are the highlights:

–Make sure key decision makers know the GDPR will be implemented May 25, 2018, and the impact it will have

–Document what personal information on EU citizens the company collects

–Review current privacy notices and put a plan in place to make any changes to meet the GDPR

–Check company procedures to ensure they cover all the rights EU citizens have under the new legislation, including how personal data will be deleted

–Update procedures and plan how the company will handle data access requests

–Look at the various types of data processing you carry out, your legal basis for carrying it out and document it

–Review how the company seeks, obtains and records consent and whether there need to be changes to comply with the GDPR

–Start thinking about putting systems in place to verify individuals’ ages and, if necessary, gather parental or guardian consent for data processing

–Make sure you have the right procedures in place to detect, report and investigate a personal data breach

–Prepare a privacy impact assessment

–Designate a data protection officer, if required

You may also find this FAQ from the European Union helpful.
