New General Data Protection Regulations

Jun 5, 2018
GDPR is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data. The regulation applies from 25 May 2018. The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:

  • Practices must comply with subject access requests
  • Where we need your consent to process data, the consent must be freely given, specific, informed and unambiguous
  • There are new, special protections for patient data
  • The Information Commissioner's Office must be notified within 72 hours of a data breach
  • Higher fines for data breaches - up to 20 million euros