Optical practitioners are being advised to review the guidance on data protection rules that are now in effect.
On 7 August, the Minister of State for Digital, Matt Hancock, announced the new UK Data Protection Bill. The Bill is designed to provide greater protection for consumer data, and writes the EU General Data Protection Regulation (GDPR) into law in the UK.
Global accountancy and consultancy firm Moore Stephens’ partner for governance, risk and assurance, Steve Williams, explained to OT: “There are four main points of GDPR to note.
“First, it allows people to ask for their personal data held by companies to be erased. It provides a framework for parents and guardians to give consent for their child’s data to be used, and it requires data processors to notify the regulator of a loss of data within set timescales. Lastly, it makes it easier for data subjects to move data between service providers.”
Organisations have until May 2018 to comply with GDPR, and this will apply regardless of Brexit.
Mr Williams added: “In the worst-case scenario, non-compliance can lead to fines of up to €20 million (£17 million) or 4% of global annual turnover.”
“Although this is a change in regulation, the Information Commissioner has published guidance and tools to help organisations comply and will no doubt continue to do so. The key thing is not to panic and work through the guidance that is already available,” he advised.
The Information Commissioner’s Office (ICO) Assurance team are running workshops aimed at small businesses in the health sector that will cover GDPR in more depth.
The three one-day interactive events for SMEs who are responsible for processing health-related personal data are taking place in London, Birmingham and Manchester.
OT will be featuring an in-depth article with Moore Stephens later this year on the implications of GDPR for optical practitioners.