30 May 2018

Why should you care about the new GDPR law?

GDPR is more than a mere irritating inbox-clogging phenomenon. On 25th May, the General Data Protection Regulation will come into effect. This new law will require the consent of subjects for data processing. It will anonymize collected data to protect privacy, while providing data breach notifications and handling the transfer of data across borders.

So…why should you care?

To put it simply, you should care because the new law protects the personal data of both yourself and others. In order to maintain a high standard of professionalism, in accordance with the excellent standard of care Newcross provides, it is essential, firstly, to ensure that private information regarding service-users is safeguarded appropriately. As there is no definitive specification of what is or isn’t ‘personal data’, it all boils down to how the GDPR’s definition is interpreted. It reads:

“‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’).”

What exactly does this cover? The GDPR clarifies… 

“An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Take a moment to consider just how much personal information this definition entails… Ranging from medical history, political opinions and Social Security numbers, to IP addresses, hair colour and occupation - the process of agreeing to how data is stored is pertinent to its safeguarding.

What’s more, failing to comply with new GDPR legislation could result in large fines. UK organisations were handed a record £4.2m in data protection fines in 2017, and as new GDPR laws come into existence, companies risk even larger fines for failing compliance.

What is Newcross doing to protect sensitive data?

Newcross has always been at the forefront of quality assurance and we’re proud of our track record for protecting confidentiality and privacy.

Long before GDPR emerged, we were independently accredited as being compliant with ISO 27001:2013, the international benchmark for managing information. This means that we already subscribe to a set of standards that ensure the security and safe handling of our computer systems and data.

In response to GDPR, we’re updating policies and procedures and providing new, enhanced training and information for office and healthcare staff. We’re also undertaking additional reviews of our databases and procedures.

How will it affect your work?

Inevitably, it’s necessary to gather often very personal information in the course of providing care.

In the first instance, it’s vital to remember that we must only gather information about individuals - whether service users, clients or colleagues - that’s necessary and justifiable. So be careful of what you write down and record.

Being vigilant is also important; keeping an eye out for sensitive information and constantly ensuring it is well managed and properly protected. Additionally, we need to ensure that we destroy or delete data as soon as there is no further need to retain it.

In this light, when you receive communications about GDPR or are asked to undergo training, you need to pay close attention.