General Data Protection Regulation (GDPR) Flashcards
What is the GDPR?
The processing of personal data to ensure that data is processed lawfully, fairly and in a transparent manner in relation to individuals.
What new act is all about personal information and the way that is collected, stored and used?
Data Protection Act - May 2018
Who oversees the DP Act?
Information Commissioner (IC)
What does the DP Act require?
Anyone who records and uses personal information to be registered with the IC
Define data subject
An identified or identifiable living ‘natural individual’
Define data processing
- Collecting, recording, organising, structuring, storing, retrieval, consulting, use and disclosure of data
- Someone who does any of the above is a data
Define data controller
A person with overall responsibility for the processing of information - decides what data to process and how
Define information commissioner’s office (ICO)
The independent authority for the UK which will uphold information rights in the public interest
What is classed as personal information (PI)?
Name and address
Tel number
Email
Details of medicines dispensed
NHS number
Age
How are organisations expected to handle and use PI?
- Be transparent in explaining the use of PI
- Provide choices about how PI is used where appropriate to do so
- Keep it secure
- Only collect and retain the minimum amount of PI necessary to carry out their functions
- Only retain data for as long as it is required
- Report any loss of PI promptly
Severe penalties for non-compliance
What is special category data and what are some examples?
Personal information that is especially sensitive
- Race/ethnic origin
- Religious
- Political opinions
- Trade union memberships
- Biometric data used to identify an individual
- Genetic/Health data
- Data relating to sexual preference, sex life or sexual orientation
The processing of special category data is prohibited unless what?
- The data subject has given explicit consent to the processing for one or more specified purposes, OR
- Processing is necessary for the purpose of the provision of health care or treatment
What are the rights of individuals?
The right to:
1. be informed
2. access
3. rectification
4. erasure
5. restrict processing
6. data portability
7. object to data processing
8. not be subject to automated decision-making, including profiling
Describe ‘right to be informed’
Display a privacy notice explaining how PI will be handled - it should be in plain English, on the website or in the pharmacy
Describe ‘right of access’
People can request the information held about them - no charge, and it must be provided within one calendar month
Describe ‘right to rectification’
The right to request that any incorrect information entry be amended - some information is retained even if incorrect
Describe ‘right to object to data processing’
People have the right to object to processing their data
Which rights of individuals apply to pharmacy?
- Right to be informed
- The right of access
- The right to rectification
- The right to object to data processing
Define consent
Express willingness, give permission, agree
What are the two types of consent?
Explicit and implied
For a person to give consent, what must apply?
- Have the capacity to do so
- Be acting voluntarily
- Have enough information to allow them to make an informed decision
- Be capable of weighing up the information provided
When can disclosure of confidential information happen?
- A patient agrees to their info being disclosed
- The law requires for the info to be disclosed
- It is in the public interest to disclose the information
Records should be made
Who can request info about a data subject without consent of data subject?
- The police or another enforcement
- A healthcare authority
- A healthcare regulator
- NHS counter-fraud officer
- A coroner, judge or court
Why can some confidential information be disclosed without consent when it is in the public interest?
To prevent:
- serious crime
- serious harm to a person receiving care or to a third party
- serious risk to public health