General Data Protection Regulation (GDPR) Flashcards
What is the GDPR?
The processing of personal data to ensure that data is processed lawfully, fairly and in a transparent manner in relation to individuals.
What new act is all about personal information and the way that it is collected, stored and used?
Data Protection Act - May 2018
Who oversees the DP Act?
Information Commissioner (IC)
What does the DP Act require?
Anyone who records and uses personal information to be registered with the IC
Define data subject
An identified or identifiable living ‘natural individual’
Define data processing
- Collecting, recording, organising, structuring, storing, retrieval, consulting, use and disclosure of data
- Someone who does any of the above is a data
Define data controller
A person with overall responsibility for the processing of information - decides what data to process and how
Define information commissioner’s office (ICO)
The independent authority for the UK which will uphold information rights in the public interest
What is classed as personal information (PI)?
Name and address
Tel number
Email
Details of medicines dispensed
NHS number
Age
How are organisations expected to handle and use PI?
- Be transparent in explaining the use of PI
- Provide choices about how PI is used where appropriate to do so
- Keep it secure
- Only collect and retain the minimum amount of PI necessary to carry out their functions
- Only retain data for as long as it is required
- Report any loss of PI promptly
Severe penalties for non-compliance
What is special category data and what are some examples?
Personal information that is especially sensitive
- Race/ethnic origin
- Religious
- Political opinions
- Trade union memberships
- Biometric data used to identify an individual
- Genetic/Health data
- Data related to sexual preference, sex life, sexual orientation
The processing of special category data is prohibited unless what?
- The data subject has given explicit consent to the processing for one or more specified purposes OR
- Processing is necessary for the purpose of the provision of health care or treatment
What are the rights of individuals?
The right to:
1. be informed
2. access
3. rectification
4. erasure
5. restrict processing
6. data portability
7. object to data processing
8. not to be subject to automated decision-making including profiling
Describe ‘right to be informed’
Display privacy notice - explain how it will handle PI - should be in plain English on website or in pharmacy
Describe ‘right of access’
People can request information held about them - at no charge, and it must be provided within one calendar month