{"id":7088,"date":"2018-05-21T10:00:13","date_gmt":"2018-05-21T09:00:13","guid":{"rendered":"http:\/\/www.stockportccg.nhs.uk\/practicehub\/uncategorised\/understanding-the-new-gdpr-requirements\/"},"modified":"2018-05-21T09:59:53","modified_gmt":"2018-05-21T08:59:53","slug":"understanding-the-new-gdpr-requirements","status":"publish","type":"post","link":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/news\/understanding-the-new-gdpr-requirements\/","title":{"rendered":"Understanding the new GDPR requirements"},"content":{"rendered":"<p><strong>Introduction<\/strong><br \/>\nGDPR stands for General Data Protection Regulations. They&#8217;re a set of European-wide data protection laws coming into force on 25 May 2018 which replace the Data Protection Act (1998).<\/p>\n<p>We need to make sure that the way we collect, process and store personal data and information will comply with the new regulations.<\/p>\n<p>Personal data is any information that identifies a living individual. For Stockport CCG this includes employee information such as HR and Payroll records, customer lists and contact details. It applies to both electronic and paper records.<\/p>\n<p><strong>Compliance with the new GDPR regulations is everyone&#8217;s responsibility.<\/strong><\/p>\n<p><strong>What are the key changes? <\/strong><br \/>\nGDPR goes beyond the current requirements of the Data Protection Act 1998. Some of the key changes are as follows:<br \/>\n\u2022 Accountability \u2013 organisations must not only comply with the requirements under the GDPR, but demonstrate compliance. 
This will be overseen by a new Data Protection Officer role, reporting to senior management.<br \/>\n\u2022 Data Protection training and awareness will be required for staff at all levels in the organisation, as this will be the only way to develop a more proactive and responsive information governance culture.<br \/>\n\u2022 Restrictions on using consent as the justification for processing data for a particular purpose. Consent must be freely given, specific, informed and unambiguous. Under the GDPR there is a higher standard for consent and it must be as easy for an individual to withdraw consent as it is to give it.<br \/>\n\u2022 Record of Processing Activities \u2013 organisations will be required to build and maintain an Information Asset Register to identify the personal data processed by any service.<br \/>\n\u2022 Data Protection Impact Assessment (DPIA) &#8211; organisations will need to identify, assess and mitigate or minimise privacy risks associated with data processing activities.<br \/>\n\u2022 Data breaches &#8211; the supervisory authority must be notified of any data breach without undue delay and no later than 72 hours after becoming aware of the breach. 
Penalties for any data breaches are considerably higher than before and failure to report a breach can result in a fine of up to \u00a318 million.<br \/>\n\u2022 Data subject rights \u2013 the GDPR confers a number of new rights on people who are the subject of any data processing activity, including:<br \/>\n\u2022 Subject access changes \u2013 removal of the \u00a310 subject access fee and shortening in the response time<br \/>\n\u2022 The right to be forgotten entitles an individual to have their personal data erased, stop any sharing of their data, and potentially have third parties halt processing of the data too<br \/>\n\u2022 The right to data portability means an individual can request to receive all the data that is held about them in a &#8216;commonly used and machine readable format&#8217;, and have the right to transmit this to another body.<\/p>\n<p><strong>What does this mean for the CCG?<\/strong><br \/>\nMuch work needs to be done to ensure we are compliant with the regulations and that we all recognise and understand that responsibility for the safe and secure handling of personal data rests with each and every one of us.<\/p>\n<p>This work is being led and coordinated by a Project Team from Stockport Council in partnership with the CCG and includes colleagues from a range of different disciplines including Information Governance, Policy, IT and Communications.<\/p>\n<p>Priorities include:<br \/>\n\u2022 An update of Policies and Procedures to ensure that advice and guidance is available for all colleagues. Additional training, including an updated data protection e-learning module, will be provided in 2018 to support the transition to the new regulations<br \/>\n\u2022 Helping services to carry out Personal Data Audits as we need to understand what information we currently hold and how it is collected, processed and stored. 
The team will advise and help services make any changes necessary to comply with GDPR.<br \/>\n\u2022 Raising awareness and understanding of Privacy by Design to ensure that data protection is included in the design of systems from the start and embedded in all data processing activities. Managers will be given support to ensure they consider privacy before changing how they operate or the systems they use.<br \/>\n\u2022 Ensuring that any partners and suppliers who deliver services to or share personal information with the CCG are operating to the same standards we are, and are complying with the law.<br \/>\n\u2022 Appointing a Data Protection Officer &#8211; a mandatory requirement for the CCG under GDPR<\/p>\n<p><strong>Keeping you informed<\/strong><br \/>\nWe will continue to keep staff updated through briefing sessions, training, and information keeping you up to date on GDPR.<\/p>\n   ","protected":false},"excerpt":{"rendered":"<p>The new General Data Protection Regulation laws come into force on 25 May 2018.  
Are you ready?<\/p>\n","protected":false},"author":590,"featured_media":7182,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[195,9,333,63],"tags":[],"_links":{"self":[{"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/posts\/7088"}],"collection":[{"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/users\/590"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/comments?post=7088"}],"version-history":[{"count":1,"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/posts\/7088\/revisions"}],"predecessor-version":[{"id":7181,"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/posts\/7088\/revisions\/7181"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/media\/7182"}],"wp:attachment":[{"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/media?parent=7088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/categories?post=7088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stockportpracticehub.co.uk\/practicehub\/wp-json\/wp\/v2\/tags?post=7088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}