Did you know? You only have until 25 May 2018 to ensure your practice’s data is GDPR compliant.
The GDPR (General Data Protection Regulation) was designed to coordinate European data privacy laws, to protect the data privacy of all EU citizens and to improve the way organisations approach data privacy. Regardless of Brexit, GDPR will apply to your health business, so it is essential that you understand what it is and how it will affect you. It actually came into effect in 2016, but will not be enforced until 25 May 2018. That means you have around 13 months left to ensure that your data complies with its regulations. If you miss this date, you could face a hefty fine of up to 4% of your practice’s annual turnover!
If you are already up-to-date with the Data Protection Directive 95/46/EC, then becoming compliant with GDPR will not be too challenging. The new regulations are essentially an amendment of the ones created in 1995, taking into account the technological and legal changes of the past 20 years.
According to the GDPR website, the regulations apply to personal data. This includes: names, photos, email addresses, bank details, posts on social networking websites, medical information and computer IP addresses.
For therapists and coaches in private practice, it’s vitally important to ensure that you collect and store confidential data and client contact data in accordance with GDPR. This doesn’t mean that you should discard any data that has not been gathered with a GDPR compliant process, but you must contact those individuals again to request the appropriate consent. If you work with children, you will need to gain parental or guardian consent in order to process their data lawfully.
It’s also worth starting this process early. For one thing, the data you compile could be less usable if you are in a hurry to collect it. For another, clients may decline to give you their data if you wait until next April to ask for it. By that time, they could be receiving many similar requests in rapid succession and simply be inundated with data requests, so it makes sense to start now.
This may seem like rather tedious work, but it will all be worth the effort. Having accurate contact data that is GDPR compliant is crucial for your marketing purposes and for keeping the lines of communication open between you and your clients.
There’s more information about GDPR on the official website.