What the data protection overhaul means for the optical sector

The Optical Confederation has released guidelines to help eye care practitioners prepare for a shakeup of the rules on data protection


Optometrists seeking clarity on what data protection changes will mean for them have a new resource from the Optical Confederation that they can turn to.

The Optical Confederation has published initial guidance to help eye care practitioners navigate their obligations under the EU General Data Protection Regulation (GDPR), which will be implemented in the UK on 25 May 2018, and the Data Protection Bill which is going through Parliament.

The guidance explains that some of the details of the new rules are not clear yet, so the Optical Confederation will be updating the guidance over the coming months. But much of what practitioners already do to protect data will stay the same.

The guidance is split into two parts – a basic overview of data protection rules and an explanation of what practitioners should do to manage risks in preparation for the overhaul.


Steps that practices should take before the regulations are rolled out include making a list of personal data that is held by the business and making a note of the legal basis for processing the different types of data.

Practices should also review their privacy notices, methods used to keep data secure and consent processes. These can be updated if necessary.

It is important that businesses ensure they are only collecting information that they need and it is securely stored for as long as is necessary.

The advice also highlights some steps that practices do not need to take yet – for example, spending significant money on external advice on the changes (because of current uncertainty about the final rules), changing methods for contacting patients or appointing a statutory Data Protection Officer.

AOP members with queries about the Optical Confederation guidance can contact [email protected].