Everyone is talking about GDPR, but what does it actually mean? Are you wondering how it will affect you and your practice? Now is the time to take action! Our GDPR policy will give you an overview of the regulation and how you can begin to prepare for it effectively.

Since releasing the GDPR policy, NHS Digital Information Governance Alliance (IGA) has issued additional guidance. This is reflected in our policy.

In addition, a GDPR checklist has been added to the policy as Annex C, to help practices further…

33-page document. See table of contents below.

Here is a snapshot of a section of the policy:

Table of contents

1 – Introduction 3
1.1 – Policy statement 3
1.2 – Status 3
1.3 – Training and support 3
2 – Scope 3
2.1 – Who it applies to 3
2.2 – Why and how it applies to them 3
3 – Definition of terms 4
3.1 – Data Protection Officer 4
3.2 – Data Protection Authority 4
3.3 – Data Controller 4
3.4 – Data Processor 4
3.5 – Data Subject 4
3.6 – Personal data 4
3.7 – Processing 4
3.8 – Recipient 4
4 – The build-up to the GDPR 5
4.1 – Background 5
4.2 – NHS Digital 5
4.3 – Aim of the GDPR 5
4.4 – Brexit and the GDPR 5
5 – Roles of data controllers and processors 6
5.1 – Data controller 6
5.2 – Data processor 6
6 – Access 7
6.1 – Data subject’s rights 7
6.2 – Fees 7
6.3 – Responding to a data subject access request 7
6.4 – Verifying the subject access request 8
6.5 – E-requests 8
6.6 – Third-party requests 8
7 – Data breaches 8
7.1 – Data breach definition 8
7.2 – Reporting a data breach 9
7.3 – Notifying a data subject of a breach 9
8 – Data erasure 10
8.1 – Erasure 10
8.2 – Notifying third parties about data erasure requests 10
9 – Consent 10
9.1 – Appropriateness 10
9.2 – Obtaining consent 11
10 – Preparing for the GDPR 11
10.1 – Data mapping 11
10.2 – Data mapping and the Data Protection Impact Assessment 11
10.3 – Data Protection Impact Assessment 12
10.4 – DPIA process 12
11 – Summary 13
Annex A – The data mapping process 14
Annex B – The Data Protection Impact Assessment 21