On the 25th May 2018, the EU General Data Protection Regulation (GDPR) will come into effect. The GDPR strengthens the rights that individuals have regarding their personal data and details the requirements concerning the processing of personal information. Ocuco have reviewed the GDPR, our own compliance, and the compliance of our products. Pulling together that experience and external advice, we have produced this guide to share with our customers our interpretation of its impact on optical practices.
Optical practices work daily with sensitive personal information, and GDPR applies to every practice. It is important to note that GDPR applies to the entire practice and not just the software holding the patients’ records. The scope of this guide extends to the software solutions we provide. It should not be used as a substitute for appropriate legal advice.
It is the responsibility of the business owner to ensure that their business is compliant with GDPR. Many of the obligations have nothing to do with computer systems and impact how practice staff interact with patients, the physical security of the building, the knowledge of staff in the area of data protection, the practice’s website forms, any data with personal information held on practice computers, and many other factors.
The legislation should be reviewed and appropriate guidance sought from experts in this area. Guidance on the practice’s responsibilities under GDPR can be found by regularly checking the website of the national data protection authority.
The GDPR is about the accountability for the protection of personally identifiable information.
The GDPR strengthens the rights of ‘data subjects’ regarding their personally identifiable information and details the requirements regarding the use of this data and all data processing activities. In the context of these guidelines, data subjects are the patients of the practice whose data is processed in Ocuco software.
These enhanced rights protect any information relating to a person who could be identified from that information, which might include patient details, health records or employee records.
The regulation places greater responsibility on organisations that hold and use such personal data to ensure it is secure and only used for the purposes for which it was gathered.
GDPR impacts everyone in a practice. Organisations which hold personal data must update all staff on the new rules and make sure that all are aware of the new procedures and policies put in place to uphold the rights of the individual.
Ocuco’s GDPR Guidance covers three focus areas to help customers on their GDPR journey and advise on what next steps to take. Browse our content sections below for an outline of the regulation and to find out how Ocuco services can help.