Robert Masson, founder of The DPO Centre, discusses some of the lessons learnt about data protection from working with a range of organisations and how they apply to the care sector, and explains how some basic principles can be applied across the board
For many businesses and organisations in the care sector, interpreting the numerous requirements of data protection compliance and translating them from ‘legalese’ into what they actually mean on a day-to-day operational basis is not always easy.
Much has been written in the press, particularly about the general data protection regulation (GDPR) and there’s been a plethora of comment and advice. Unfortunately, much of this information has been inaccurate and in some cases fundamentally incorrect. With no case law or precedents yet available to act as a guide, it’s not clear how the legislation will be interpreted by the courts or the level at which penalties will be imposed for non-compliance.
There has also been talk of the seven key principles and six lawful bases of GDPR, and healthcare providers must additionally apply the ethical principles of Caldicott guardianship. Underlying all of this is the overarching requirement to demonstrate compliance and be accountable for the personal data you process. The GDPR implies that your organisation does not own someone’s personal data, but merely borrows it so that it can do its job.