This is the start of a weekly series of blog posts answering some of your questions and addressing some of the myths around GDPR. I’ll be posting some memes and a brief video on Facebook each week too, summarising this information. So let’s get straight to this week’s items:
1) Yes, you do have to comply with GDPR – 25th May 2018, the law comes into force for everyone.
I’ve seen people quote part of the GDPR stating that because we have fewer than 250 people in our organisations we don’t have to comply. There are two responses to that. Firstly, there are just fewer requirements for smaller organisations, but every charity, business and organisation has to comply. Secondly, osteopaths are using what is classified as sensitive data (health data) and therefore have to comply fully with good data processing procedures.
All osteopaths will have to comply, as will osteopathic communities of practice and groups and all types of osteopathic practices.
Our module helps you to understand how to comply with GDPR.
You can find the appropriate sections here if you want to read more:
2) You have to comply if you are an associate
As an associate you still have responsibility for the data that you process. It is highly likely that you will have patients’ telephone numbers, have emailed patients, access patient data from your own devices, have patient data for your accounts processing, etc. You are most likely self-employed and therefore have to take responsibility for your own data processing activities.
Every osteopath should be registered with the ICO as a data processor – this is not a new requirement. At the moment this costs £35 per year but it is going up in April to £40. It’s quick and easy to register here:
3) Other information – courses and a helpful spreadsheet
I’m doing 2 lectures on GDPR in April:
a) Cambridge Osteopath Group on 11th April 7-9pm – a 2-hour overview of GDPR. Contact here: firstname.lastname@example.org to find out more and reserve a place
b) University College of Osteopathy on April – an all-day workshop – this will provide information on GDPR, and the practical workshop style enables you to leave the day with a GDPR policy for your clinic. Sign up here: https://www.uco.ac.uk/courses/gdpr-data-protection-workshop
My web manager (www.hexagonwebworks.com) has produced a really nice spreadsheet you may like to use for your data processing audit – Hexagon-Webworks-GDPR-Data-Audit-Template