GDPR: can you answer the ‘why’ question in a few words?

Published 29 May 2018

GDPR – the General Data Protection Regulation – has been in force since May 25 and you can now be fined for non-compliance.

Every business, charitable organisation or community group dealing with people’s personal, identifiable data, whether it is held electronically or in hard-copy paper format, needs to comply with GDPR. If you hold sensitive personal information relating to religion, race, health, sexuality or political leanings, then the responsibility on you is significantly greater.

There is a good rule of thumb when considering GDPR: if you cannot be concise in answering the ‘why’ question relating to data then you probably have a problem.

Also under GDPR, facilities have been introduced whereby data subjects can request that their data be deleted, made available in full at no cost, or transferred to a third-party provider. For a homeopath this could mean that someone who moves to a new practitioner asks you to send all their data to the new practitioner, and this has to be done free of charge.

If you happen to run clinics or practise in a clinic you also need to make sure that personal data is fully protected and that the patient’s right to anonymity is respected, if required. As a ‘data controller’, i.e. the person who captures the data in the first place, you are responsible and liable for that data.

This extends beyond your office files: if you store your data in cloud-based services such as repertory software, use web email such as Gmail, or use third-party processing applications like Mailchimp and online CRM tools, then, if a client asks for their data to be deleted, you must make sure that it is deleted from all of these services as well.

Personally identifiable data is not confined to name, age and address. It can include photographic images, IP address, MAC address, IMEI (mobile phone identifier) and a host of other technology-related elements.

‘Consent’ is the biggest area of concern due to the ambiguity that it creates. The best example of this is the traditional business card exchange or ‘drop into the fish bowl’ at a seminar.

If you lead with ‘Give us your business card and you could win . . .’ then you will find yourself in breach of GDPR if you put all of these contacts into your database and send them your newsletter.

With a slight change of focus to ‘Please give us your business card to receive our newsletter and you could win our prize draw’ you have clearly established your intention to use the business card for newsletter marketing.

However, this doesn’t give you the right to start sending people information on products you think could be of interest. So a homeopath sending homeopathy info is OK but a homeopath sending clothing information is not OK!

And if you have web forms (‘Sign up for our newsletter’) or similar elements on your website you must make the default ‘opt out’ rather than ‘opt in’.

In summary, be open and honest. If in doubt ask – and get it in writing.

Melanie Medhurst, RSHom


Material published in this section of the website does not necessarily reflect the opinion of the Society of Homeopaths.