A Half Day Workshop – 1.30pm – 4.30pm
THE BUSINESS OF GENERAL PRACTICE
MODULE: Understanding GDPR – General Data Protection Regulation
‘we have an opportunity to set out a new culture of data confidence in the UK’
Although the EU General Data Protection Regulation (GDPR) does not come into force until May 2018, the scope of the changes under the new Regulation means that preparing for the GDPR will be high priority for the next 6 months. GDPR will need to be implemented alongside the New Data Protection Act which will both come into force on 25th May 2018.
You will need to carry out audits of the patient data and employee personal data that you collect and process to ensure that it meets GDPR conditions for patient and employee consent. New governance and record-keeping requirements mean that you will also have to create or amend policies and processes on privacy notices, data breach responses and subject access requests. There is a much greater emphasis on compliance following a widely-held belief that business up to now has not taken data privacy seriously enough. Possible penalties are considerably harsher and importantly now include small and medium businesses within the Public Sector. But, remember the new GDPR compliance requirements are not just and waving fines – it’s about realising that the data, upon which your business or practice is built, is managed in an appropriate, respectful, and lawful manner – and that the right levels of accountability and governance are applied by the practice.
There has never been a more important time to ensure that best practice is in place to secure patient and staff data, protect reputation and ensure compliance. A planned and structured approach is required to fully understand the necessary changes for both systems and user behaviour.
This workshop has been designed to be practical and easily digestible for those with responsibility and liability for Information Governance within the Primary Care sector. The day is facilitated by experts in both Information Governance and Primary and will be very interactive. It will be both detailed and practical and will seek to provide clarity and an objective approach in preparing for the GDPR.