EP17 - GDPR Jitters - Key Learnings for Healthcare Professionals

General Data Protection Regulations… wow, what a mouthful. Coming to the EU May 25th, 2018. How will these regulations affect your business and where to even get started? Join Emily as she discusses some learnings for healthcare business owners or freelancers from key articles on the subject. 

We discuss: 

  • What does the GDPR Mean?

  • Where to start?

  • Demonstrating compliance.

  • Privacy Notices

  • How do I know if I can collect the data?

  • Data breach - what is it and how to deal with it.

What does the GDPR Mean?

Transparency and control the individual. People should know where their data is going and how it's being/going to be used. If they want to pull their data back from you, they should be able to do so with ease. 

Where to start?

Start by conducting an audit of your own. A data mapping exercise. 

  • What data you currently have

  • How it's being used/processed

  • If it's necessary for you to have it

  • If it's processed in a manner that's secure

  • If there is no other way to achieve the purpose for why the data is being collected

Demonstrating compliance. 

As a data controller, you should be able to demonstrate compliance if there is a complaint made against you and if you are unfortunate to encounter a data breach. 

Privacy Notices

Document your decision making and have it where individuals can read how their data will be used and secure. You could have this on a page of your website. 

How do I know if I can collect the data?

Check out the "lawful bases for processing" from the ico/GDPR documents. 
They are: 

  • Consent

  • Contract

  • Legal obligations

  • Vital interests

  • Public tasks

  • Legitimate interest*

    • e.g. if an individual signs up for your IBS newsletter and then 2 months later you launch an IBS course, it is legitimate to think that they would have a legitimate interest in that product. Just make sure they are able to opt out of hearing about it easily and at any time if they are not interested.

Data breach - what is it and how to deal with it. 

Because you have mapped your data, in theory, it should be a lot easier for you to recognize a data breach. You should have a response plan in place in case of a data breach. If this happens as soon as you recognize it you need to: 

Articles Discussed:
Enterprise Nation - What does the GDPR Mean for my business?
ico. - Getting ready for the GDPR
Marketing Week - How marketers should be tackling GDP implementation

Sponsored by:
Sign up for the DIY Marketing Bites E-Blast
for nutrition professionals. 👉