Posts Tagged: GDPR

GDPR Myths and Questions #4 – Explicit Consent

Why we don’t think explicit consent is necessary. There are some sources advising osteopaths that they must get patients to sign that they can give you their health data. At Mint we think that obtaining explicit consent for collecting health data is unnecessary (and so does the Information Commissioner’s Office) and here is why: Explicit consent is not appropriate for health data because it is not possible for patients to withdraw consent. If a patient does not consent to their data being processed in the clinic the osteopath is unable Continue Reading »

GDPR Myths and Questions #3 – Consent and Lawful basis

You need to identify the lawful basis you are using for processing someone’s personal data – i.e. your justification for processing that data. There are 6 different lawful bases that you may use, for any given set of data. One of these is consent, but there are others too – e.g. ‘contract’ (valid if someone’s personal data needs to be processed to fulfil your contractual obligations, or because they’ve asked you to do something before entering into a contract, such as provide information). This is completely separate from your consent Continue Reading »

GDPR Myths and Questions #2

Another GDPR question and a concern. To encrypt or not to encrypt? A question has been raised whether passwords are sufficient or do you need to encrypt your computers and phone? I think I would first of all wind back a bit and ask whether you have secure passwords on all your devices? If you don’t then that is your first plan of action. There are detailed arguments for and against encryption but I would make sure you have good security in place anyway before you even begin to consider Continue Reading »

GDPR Myths and Questions #1

This is the start of a weekly series of blog posts answering some of your questions and addressing some of the myths around GDPR. I’ll be posting some memes and a brief video on Facebook each week too, summarising this information. So let’s get straight to this week’s items: 1) Yes you do have to comply with GDPR – 25th May 2018, the law comes into force for everyone. I’ve seen people quote part of the GDPR stating that because we have less than 250 people in our organisations we Continue Reading »

Are you ready for the new data protection rules?

The new Data Protection rules come into force on 25th May 2018. The Information Commissioner’s Office is helping people to prepare with webinars and courses. You can watch the webinar for Health Sector small businesses here:  (scroll down the page for the webinar) There are also free workshops as follows: 11 October 2017: Congress Centre, 28 Great Russell Street, London; 7 November 2017: Crowne Plaza Hotel, Central Square, Birmingham; 9 November 2017: Principal Hotel, Oxford Road, Manchester. Here is a Mint Practice Summary of the rules as applied to Osteopaths: Continue Reading »