On 25th May 2018, a new EU Regulation comes into force which will affect all organisations that collect or process personal data - the GDPR. Many of our clients have been asking about how this affects their use of SARD systems. Most Data Controllers, such as the NHS Trusts with which we primarily work, will be well aware of their increased responsibilities, but for some it’s still a mystery. So what is the GDPR?
The General Data Protection Regulation (GDPR) is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now used.
Currently, the UK relies on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this will be superseded by the new legislation. The GDPR introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU. While this sounds scary, it is actually much more fit for purpose in a digital world, focusing on data flows and data sharing and the modern ways in which information is used. And yes, even if and when the UK leaves the EU, the legislation will still apply. The legislation itself is wide-ranging and complex, but at its heart the GDPR focuses on six principles that must be applied to any collection or processing of personal data:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up to date
- Retained for only as long as necessary
- Processed in an appropriate manner to maintain security
As Data Processors, we at SARD are committed and duty-bound to making sure that our systems help you to carry out these legal responsibilities on behalf of the medics, employees or any other data subjects whose information you need to collect. SARD has always used robust organisational and technical measures to make sure that our software is secure and your data is kept confidential while maintaining our trademark agility and flexibility of service. We are always happy to respond to any Privacy Impact Assessments or queries that might come up as the new regulations are enforced across your organisation. As responsible Data Processors, we are ensuring that we keep on top of all the new and existing requirements set out in the GDPR, so you can be confident that your data is safe with us.