GDPR: locking down your data

11 July 2018
Summer 2018

Acuity explores how businesses must now take extra care with its rules on data privacy, consent and security.

GDPR gives back control to individuals over the data that companies hold on them, and will harmonise European data legislation.

However, the new Data Protection Act, which came into force at the same time as GDPR, has complicated the situation for optometrists. All ‘public authorities’, which include primary care providers such as practices offering General Ophthalmic Services (GOS), now have a statutory requirement to appoint a data protection officer (DPO) or use the services of one. The Information Commissioner’s Office (ICO) states that DPOs must be independent, adequately resourced and experts in data protection.

The Optical Confederation (OC), which opposed the classification of smaller, high-street practices as public authorities, said that a DPO “will place a disproportionate and costly new burden on small businesses that provide NHS services, going far beyond the requirements of GDPR.” One provider offering NHS services and employing three practitioners was quoted more than £11,000 for an external company to provide DPO support for a year (OC, 2018). However, the ICO has indicated that it will be pragmatic in its approach and that providers should be proportionate in the measures they take to comply with GDPR. At the time of going to press, the OC were continuing to work with the ICO and the NHS so that it, and the College, can provide new guidance. However, the OC still cautions against appointing an expensive external provider.

Login to read the rest of this article.

Sign in to continue

Forgotten password?

Not already a member of The College?

Start enjoying the benefits of College membership today. Take a look at what the College can offer you and view our membership categories and rates.

Related further reading

We believe that vaccine uptake will be maximised where staff are supported to make their own decisions, having been provided with clear, evidence-based information on the benefit and value of vaccinations.

Following the announcement by the Secretary for Health that the isolation period for people who test positive for COVID-19 will be cut to five full days in England, NHSE has confirmed this will apply in primary care settings.

UKHSA confirms that changes to the self-isolation period following Covid exposure applies to healthcare workers