We've noticed your using a old browser this may cause issuse when experincing our site. We recommend updating your browser here this provides the latest browsers for you to download. This just makes sure your experince our website and all others websites in the best possible way. Close

General Data Protection Regulation (GDPR) policy

by in GDPR, GP Practice Management

GDPR policyEveryone is talking about GDPR, but what does it actually mean? Are you wondering how it will affect you and your practice? Now is the time to take action! Our GDPR policy will give you an overview of the regulation and how you can begin to prepare for it effectively.

Since releasing the GDPR policy, NHS Digital Information Governance Alliance (IGA) has issued additional guidance. This is reflected in our policy.

In addition, a GDPR checklist has been added to the policy as Annex C, to help practices further…

33-page document. See table of contents below.

Here is a snapshot of a section of the policy:

upload_2018-2-8_21-17-17.png

Table of contents

1 – Introduction 3
1.1 – Policy statement 3
1.2 – Status 3
1.3 – Training and support 3
2 – Scope 3
2.1 – Who it applies to 3
2.2 – Why and how it applies to them 3
3 – Definition of terms 4
3.1 – Data Protection Officer 4
3.2 – Data Protection Authority 4
3.3 – Data Controller 4
3.4 – Data Processor 4
3.5 – Data Subject 4
3.6 – Personal data 4
3.7 – Processing 4
3.8 – Recipient 4
4 – The build-up to the GDPR 5
4.1 – Background 5
4.2 – NHS Digital 5
4.3 – Aim of the GDPR 5
4.4 – Brexit and the GDPR 5
5 – Roles of data controllers and processors 6
5.1 – Data controller 6
5.2 – Data processor 6
6 – Access 7
6.1 – Data subject’s rights 7
6.2 – Fees 7
6.3 – Responding to a data subject access request 7
6.4 – Verifying the subject access request 8
6.5 – E-requests 8
6.6 – Third-party requests 8
7 – Data breaches 8
7.1 – Data breach definition 8
7.2 – Reporting a data breach 9
7.3 – Notifying a data subject of a breach 9
8 – Data erasure 10
8.1 – Erasure 10
8.2 – Notifying third parties about data erasure requests 10
9 – Consent 10
9.1 – Appropriateness 10
9.2 – Obtaining consent 11
10 – Preparing for the GDPR 11
10.1 – Data mapping 11
10.2 – Data mapping and the Data Protection Impact Assessment 11
10.3 – Data Protection Impact Assessment 12
10.4 – DPIA process 12
11 – Summary 13
Annex A – The data mapping process 14
Annex B – The Data Protection Impact Assessment 21

 

Rating
[Total: 5    Average: 2.8/5]
Practice Index

Practice Index

We are a dedicated team delivering news and free services to GP Practice Managers across the UK.

View all posts by Practice Index
NEWS: Patients get app to access practices

January 24, 2019

Discord Among the Team

January 31, 2019

No comments yet.

Get in the know! Keeping practice managers updated and connected.

Subscribe to our FREE weekly email newsletter: