
GDPR Headlines - Top Tips

BMA Guidance

To read the BMA’s latest guidance on Subject Access Requests (including fees), Data Protection Officers, FAQs and more go to: https://www.bma.org.uk/advice/employment/ethics/confidentiality-and-health-records/general-data-protection-regulation-gdpr and click on ‘further information’.

BMA GDPR Privacy Notices

Template GDPR practice privacy notices (PPNs) have now been published on the GDPR hub page in the BMA resources section. The hub page also contains information on the regulation and hosts a suite of resources and blogs to help guide members, including a new GDPR webinar to help practices prepare. For more information, see: https://www.bma.org.uk/advice/employment/ethics/confidentiality-and-health-records/general-data-protection-regulation-gdpr/gdpr-and-practice-privacy-notices-ppns

Principles of Data Sharing for GPs

In light of GDPR / DP 2018, we are aware that many practices are asked to review Data Sharing Agreements. To this end, the following document provides practices with an updated guide reflecting current legislation (and we thank Londonwide LMCs for sharing this document): Principles of Data Sharing for GPs

GDPR Templates - May/June 2018

Please see below a number of policies relevant to the GDPR. You may wish to adapt/amend the documents for your own surgery, but you do need to make sure that they reflect the arrangements within your own organisation, as these will inevitably vary from practice to practice. Our thanks to the Testvale Surgery and The Centre Practice for sharing their policies with us.

Data Map Audit

GDPR Privacy Notice v2 April 2018

GDPR Personal Data Breach Policy

Personal Data Breach Monitoring Template

Data Protection & Medical Confidentiality Policy

Access to Medical Records / Subject Access Request Policy

Employee Privacy Policy

GDPR Web Updates - May 2018

We’ve reviewed and updated the following guidance on our website so that it reflects the new GDPR requirements. Not all the guidance has changed particularly significantly but it may be useful for future reference.

Staff and Confidentiality: https://www.wessexlmcs.com/staffandconfidentiality

Employment Contract Clauses: https://www.wessexlmcs.com/employmentcontractclauses

Release of Data without Consent: https://www.wessexlmcs.com/releaseofdatawithoutconsent

Personal Data Rights: https://www.wessexlmcs.com/personaldatarightsaccesscorrectionobjectionmore

Confidentiality after Death: https://www.wessexlmcs.com/confidentialityafterdeath

Freedom of Information Act: https://www.wessexlmcs.com/freedomofinformationact2000

SMS Text messaging: https://www.wessexlmcs.com/textsmsmessaging

The Data Security and Protection Toolkit: https://www.wessexlmcs.com/informationgovernancerequirementsforgeneralpractic

What is the GDPR (General Data Protection Regulation)?

The GDPR is a regulation that is applicable from 25th May 2018. It strengthens the protection of personal data. The UK is enacting a Data Protection Bill which enshrines the provisions of the GDPR into UK law and establishes continuity of the GDPR in the UK post Brexit. The Data Protection Act will be repealed at this time.

Compliance is essential as fines under the GDPR are up to a maximum of 20 million Euro or 4% of turnover.

The GDPR strengthens the controls that organisations (data controllers) are required to have in place over the processing of personal data, including pseudonymised data.

Headline Requirements

Practices that are performing well in their information governance toolkit will have a good baseline to work from. However, organisations will be required to take specific actions and to be able to evidence that they have done so.

The Information Governance Alliance (see: https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/information-governance-alliance-iga/general-data-protection-regulation-gdpr-guidance) has published general guidance and some resources for primary care.

The British Medical Association has published guidance at:  https://www.bma.org.uk/advice/employment/ethics/confidentiality-and-health-records/general-data-protection-regulation-gdpr  

The Information Commissioner's Office, which regulates data protection law, has published a couple of checklists which may be helpful: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/

They also have GDPR specific webpages at:  https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

And the GPC has advised the following:

The LMC will be sending out further information and advice to practices as it becomes available and we hope the above is helpful in the meantime.

‘To access our FREE monthly webinars, please log in to our website and access the members section next to the ‘my account’ button: https://www.wessexlmcs.com/membershipsectionhomepage

Please note that these live webinars are only available to our member practices.’

Updated on 03 September 2018