The General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998 (DPA) from 25 May 2018. Compliance is mandatory for any organisation that processes EU residents’ personal data, wherever that organisation is based.
The Regulation’s main objective is to strengthen data protection for individuals. Health data is treated as a special category of personal data, because its misuse can have serious long-term repercussions for data subjects. Despite the wider scope of the new law, recent reports indicate that only 38% of businesses in the UK are aware of the GDPR, and of those, just over a quarter have begun to address its requirements.
IT Governance will be running a free webinar on 8 March 2018 at 3:00 pm, exploring the challenges facing healthcare as the GDPR compliance deadline approaches. The webinar will also cover the practical steps that healthcare organisations must take to achieve compliance, highlighting the areas of maximum impact and security risks.
First steps to GDPR compliance
Organisations need to secure board-level buy-in, assign a budget and involve a member of senior management in the compliance project from the outset. Healthcare organisations, including any NHS organisation, homecare and nursing providers, assisted living, dental practices and most other healthcare industry organisations, will also need to appoint a data protection officer (DPO): Article 37 of the GDPR requires one for public authorities and for any organisation whose core activities involve large-scale processing of special category data such as health records.
Organisations should then conduct a gap analysis to establish their current level of GDPR compliance. This will show where existing internal capabilities can be reused and identify the skilled staff who need to be involved in the project.
Using the results of the gap analysis, the designated personnel should draw up and communicate a plan that prioritises critical-risk and high-impact areas first, so that compliance is achieved cost-effectively within a structured framework.