Getting to this point hasn’t been straightforward… in fact, the route has been as bendy as a plate of spaghetti in a snake’s stomach! But we now think it’s safe to release this information prior to the National Data Opt-Out Programme which starts in July, no September, erm… well, whenever – pick a date.

As you’re soon to jet off on holiday, or maybe jump in a car and head to the seaside, you probably have even less time to get through your in-tray just now. Therefore, I’d suggest that privacy notices are almost certainly not on the ‘important-stuff-to-do-before-I-go-on-holiday’ list. But all the same, they need to be done to meet the new data protection demands and they need to be done soon before you start to get grumbles.

So that you don’t miss out on your trip to the coast, the PI team have produced FOUR new DPO-friendly privacy notices, all ready for you to personalise and upload to your website to make patients and those in compliance circles feel all warm and cosy.

Notices in this series include:

1. Privacy Notice – Practice [PLUS]
2. Privacy Notice – Candidates applying for work [PLUS]
3. Privacy Notice – Employee [PLUS]
4. Privacy Notice – Children [PLUS]

In our quest to ensure that these privacy notices are perfect, we’ve spoken to those incredibly clever data protection people and specifically asked what was needed to meet the requirements of the UK General Data Protection Regulation (UK GDPR), the National Data Opt-Out Programme (NDOP) and the new General Practice Data for Planning and Research (GPDPR).

The detail

All privacy notice templates are extensive and provide useful signposting to all the required legislation.

Each notice explains:

• Who you are and how you use your patients’ information
• Who the Data Protection Officer is
• What kind of personal information the organisation processes about patients
• What the legal grounds are for the processing of your patients’ personal information (including when you share it with others)
• What patients should do if their personal information changes
• How long a patient’s personal information is retained by you
• What your patients’ rights are under data protection laws
• Special categories of personal data relevant to your patients
• How you maintain the confidentiality of your patients’ records
• Where information is stored
• Who your partner organisations are with whom you share information
• How patients can access, amend or move their personal data
• How to object or complain
• How to ask for more information

1. Practice Privacy Notice [PLUS]

The Practice Privacy Notice also provides:

Extensive information on the legal basis for collecting, analysing and sharing data with NHS Digital, and a social media/website information-update template explaining the new GPDPR to patients.

Furthermore, this notice informs patients of text-messaging, email and telephone-message information templates, explaining the new GPDPR to patients and, importantly, giving guidance to staff who may be required to respond to queries about the current data opt-outs that are available.

2. Candidates Applying for Work Privacy Notice [PLUS]

This notice tells candidates how their data will be used and for what purpose, whilst allowing any to opt out of sharing their data, should they wish to do so.

It also details DBS processes and the candidates’ rights when it comes to obtaining a copy of, or access to viewing, any information held about them.

3. Employee Privacy Notice [PLUS]

The Employee Privacy Notice specifically informs employees of the types of information held about them, including:

• Recruitment information
• Contract of employment
• Identification documents
• Information relating to disciplinary or grievance investigations and proceedings
• Information relating to performance and behaviour at work
• Training records
• Electronic information in relation to the use of IT systems/swipe cards/telephone systems
• Information from the Disclosure and Barring Service (DBS) in order to administer relevant checks and procedures
• Vaccination and immunisation status/information
• Information to allow the payment of salaries
• Emergency contact information

4. Children’s Privacy Notice [PLUS]

The Children’s Privacy Notice provides all the relevant information in an appropriate, easy-to-read format for younger patients, ensuring that children understand what information is being held about them and how this information may be used.

All privacy notices are written in clear and straightforward language, which data subjects can easily understand, and they can be amended simply to include your own organisational nuances.

What’s next to be done?

Embrace GPGDR, download these new privacy notices, strike through ‘Privacy Notices’ on your to-do list and go and find that bucket and spade… Sunshine here we come!