From 25.5.2018, General Data Protection Regulation (GDPR) is a legal requirement of the Data Protection Act (DPA), subsequent to EU regulation. The website www.http://ico.org.uk provides detailed information about this.
What is GDPR about?
GDPR is designed to make sure that your rights related to data collection, security and sharing are respected.
It means that you have the right to know about what information is held about you, how it is stored and how it will be used.
This leaflet explains how Helen Macdonald Ltd intends to comply with GDPR as part of our Data Protection policy from 21.05.18. Helen Macdonald Ltd is referred to as ‘we’ in the information below.
Under GDPR you have the following rights:
• To be informed; to have access; the right to rectification; right to erasure; right to restrict processing; to data portability; to object and the right not to be subjected to automated decision-making, including profiling.
Helen Macdonald is the named Data Controller for Helen Macdonald Ltd. If you have any questions, please use the contact details above.
Our GDPR and data protection policies mean that we tell you what personal data we hold on you. We will provide you with a copy on request, and in a format which is consistent with how the data is held and which allows appropriate portability.
We will update our information if you tell us about factual inaccuracy or inform us that it has changed. We will delete information according to our policy. We will not share personal data without permission as detailed below. We will take any objections seriously and take appropriate action to resolve them. We will never use your personal data for automated decision-making.
The data that we hold on you:
Personal data is information that could identify you or your personal circumstances. This data will only be held if it is essential that we do so; where there is an obligation to do so for legal or business reasons and where we have your consent to do so. The personal data below is what we hold on you. You are entitled to a copy of this sheet.
If any information is incorrect, or changes occur, please let us know by email or by post (see above). If your personal data changes and you inform us, our record will be updated and a new sheet supplied to you. Earlier versions will be destroyed.
We keep your personal data for a maximum of seven years after active contact with our service is completed; after which paper copies involving any personal data about you will be shredded and all electronic records will be deleted.
We will ask for and keep the following personal data about you:
Name; date of birth: address: who made the referral/instructions; who your GP or responsible health care practitioner is; if you have a telephone number or email address or other contact (such as video-conferencing) that you are willing for us to use to communicate with you.
Who we can communicate with about you or share information with: ‘Communications Consent’:
The nature of the work that we do means that we need to share personal data about you. You will always have the right to request a copy of personal data that we share about you, and to correct any factual inaccuracy.
We will never share your details where it is not necessary for providing our services.
Information sharing can include communicating with:
• The person or representative of the organisation who referred you or instructed Helen Macdonald Ltd.
• A health care professional such as your GP where this is directly associated with your care.
• Where it is required by law, for example, by order of a court.
If we need to share personal data with someone else, we will seek permission from you.
Data Protection Policy
How long we keep information:
Where personal data is held, it will be held securely, and for no longer than necessary. We keep your data for a maximum of seven years after active contact with our service is completed; unless there is a legal obligation to do otherwise. After this, paper copies involving any information about you will be shredded and all electronic records will be deleted.
How we keep information securely:
Where possible, information is anonymised, for example, using first names or initials only unless essential to use an identifiable name.
Information on paper is kept in a locked filing cabinet in a secured area when it is not in active use. Information on paper may need to be transported, for example, paper notes or clinic diary. In this case the person responsible for the information will ensure that it is not visible or accessible to anyone who does not have the right to do so.
Computers, digital storage and other devices, such as mobile phones in which personal data is stored and processed will be protected using PGP encryption where possible and otherwise password protected. Personal data will not be displayed on unattended screens.
What happens if something goes wrong:
We take protection of your data seriously, and have processes in place to ensure that your data is secure. However, we recognise that it is possible that something can go wrong. This can include data being accidentally destroyed, or accessed or altered by a third party (either accidentally or deliberately) who is not authorised to access or alter it.
If you believe that a data breach has occurred, please inform us. We will take action to put it right.
If a data breach occurs, we will record it, and attempt to put it right. If it is likely to have an impact on you, we will let you know. If the breach may have an impact on your rights and freedoms, we also have a responsibility to inform the information commissioner’s office, see below.
We will review our data protection policy to ensure that any breach is not likely to occur.
• Concerns about our data-handling can and should be referred to the Information Commissioner’s Office http://ico.org.uk
• Helen Macdonald Ltd healthcare practitioners also adhere to professional and organisational codes of conduct and ethical practice, including http://www.babcp.com/files/About/BABCP-Standards-of-Conduct-Performance-and-Ethics-0917.pdf
Click hereto download our GDPR consent form