Diagnostic World complying with General Data Protection Regulation (GDPR)
Thursday 24th May 2018
What is GDPR?
It is important to note that the General Data Protection Regulation (GDPR) is an evolution of the Data Protection Act 1998 (which Diagnostic World already complies with) and is aimed at raising IG standards within all industries across the EU.
Diagnostic World embraces GDPR
Diagnostic World has had a project team working on GDPR to ensure we comply with the principles, and we would like to share some of the progress with you all.
Data Protection Officer
Diagnostic World have appointed a Data Protection Officer who will report to the Information Governance Steering Group for the business. Some of the responsibilities are listed below:
- Keeping the Information Steering Group updated about data protection responsibilities, risks and issues
- Reviewing all data protection procedures and policies on a regular basis
- Answering questions on data protection from staff, board members and other stakeholders
Individuals have rights to their data that we must respect and comply with:
- Right to be informed.
- Right of access (see subject access below).
- Right to rectification i.e. the data subject has the right to require the erasure of personal data concerning them. However, this is qualified by the lawful basis as a healthcare provider to retain personal data in connection with the patient's care and treatment (subject to principle 1 relating to the lawfulness of keeping the data which would not permit erasure of treatment records).
- Right to restriction of processing i.e. subject to certain exemptions, a data subject has the right to restrict processing of their personal data (e.g. where the information accuracy is contested, the processing is unlawful, or data is no longer required by the Data Controller).
- Right to data portability i.e. the data subject has the right to receive their personal data which is held by you in a structured, commonly used format.
- Right to object i.e. the data subject has the right to object on grounds relating to the processing of their personal data (e.g. personal profiling carried out that is not in connection with the public interest).
Is your Data shared with anyone?
At Diagnostic World we are committed to and are fully compliant with GDPR Regulations. Your personal and medical information will be held securely and only shared with other medical professionals including the NHS who are involved in your care.
Under the GDPR, individuals about whom information is held within Diagnostic World have rights of access to it, regardless of the media in which the information may be held/retained.
There is no charge for requests; however, an administration cost may be applied if the request is unfounded or excessive.
All requests can be made by writing to or emailing us, and we will respond within a month.
Post - Diagnostic World
Unit 58-59 Birmingham Research Park
Email - firstname.lastname@example.org