GDPR stands for General Data Protection Regulation. It’s a game-changing data privacy law set out by the EU, and it’s enforceable NOW.
It’s an immense concern for all businesses; however, social care organisations in particular hold a significant amount of personal information relating to staff, suppliers and the people who need care and support.
So, what does everyone need to know?
If GDPR isn’t already on your organisation’s agenda, NOW is the time to act.
Brand new for 2019, our GDPR for Care Workers course highlights what is expected of care staff in regard to confidentiality and handling personal information correctly. It is essential for any organisation that wishes to adhere to the Data Protection Act lawfully. (Available as a DVD or eLearning)
Don’t be fooled, hefty penalties will be given out to any business that falls short of GDPR when dealing with EU citizen data.
GDPR places a legal obligation on organisations to process personal data securely. This includes:
- Protecting people’s privacy
- The right to consent to data collection
- The right to have data removed
The goal of this new legislation is to align existing data protection laws while also increasing the level of protection for individuals. It was in negotiation for over four years, but the regulations are NOW in effect.
GDPR requirements: how to be GDPR compliant
1. Obtaining Consent
- Your terms of consent must be clear. This means that you can’t stuff your terms and conditions with complex language designed to confuse users.
- In the care sector, it is essential that the need for confidentiality is understood and treated with respect.
- This means that those in the care sector must treat information about the individuals they support in confidence and with respect.
- There will always be a need to share information about a person you support within your team in order to deliver consistent and effective care. However, the person you provide care and support for needs to be aware of this: they must be told that information relevant to their care will need to be passed on verbally, or recorded, within the team.
2. Data Breaches
If a security breach occurs, you have 72 hours to report the data breach to both your customers and any data controllers, if your company is large enough to require a GDPR data controller. Failure to report breaches within this timeframe will lead to fines.
Because its fines are revenue-based, GDPR completely changes the compliance risk for organisations which suffer a personal data breach. This legislation ushers in huge financial penalties and a new global standard for data protection. Organisations which fail to comply with the rules are liable to fines of up to 4 per cent of their annual global turnover.
GDPR is driving personal data breaches out into the open. According to a report by the law firm DLA Piper, more than 59,000 data breaches were notified across Europe in the first 8 months after GDPR came into force, with British companies falling victim to more than 10,000 of them.
3. Right to data access
If any individual requests their existing data profile, you must be able to serve them with a fully detailed and free electronic copy of the data you’ve collected about them. This report must also be delivered within 30 days and include the various ways you’re using their information.
Secondly, if you did not obtain their consent at the time you collected their data, you must inform them within 30 days of receiving the data.
4. Right to data deletion
Once the original purpose or use of the customer data has been realised, your customers have the right to request that you erase their data.
5. Data portability
This gives users rights to their data. They must be able to obtain their data from you and reuse that same data in different environments outside of your company.
6. Privacy by Design
GDPR requires companies to design their systems with the proper security protocols in place from the start. Failure to design your data collection systems the right way will result in a fine.