GDPR stands for General Data Protection Regulation and replaces the previous Data Protection Act. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’, and that individuals’ data is not processed without their knowledge and is only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. Charlotte Hill Osteopath is committed to protecting the rights and freedoms of individuals with respect to the processing of clients’ personal data. The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes these rights for individuals:
1) The right to be informed:
Charlotte Hill Osteopath needs to know clients’ names, addresses (if relevant), telephone numbers and email addresses, along with relevant medical history for the treatment or activity they are involved in, for the safety and interest of the client. This information is confidential and will not be shared with any external companies for marketing purposes.
2) The right of access:
At any point an individual can make a request relating to their data and Charlotte Hill Osteopath will need to provide a response (within 1 month). Charlotte Hill Osteopath can refuse a request, if we have a lawful obligation to retain data, but we will inform the individual of the reasons for the rejection.
3) The right to erasure:
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Charlotte Hill Osteopath has a legal duty to keep client details for 7 years. Data is archived securely and removed after the legal retention period.
4) The right to restrict processing:
Clients can object to Charlotte Hill Osteopath processing their data. This means that records can be stored but must not be used in any way, for example for communication purposes.
5) The right to object:
Clients can object to their data being used for certain activities like marketing or research.
6) The right not to be subject to automated decision-making including profiling:
Automated decisions and profiling are used by marketing-based organisations. Charlotte Hill Osteopath does not use personal data for such purposes.
Storage and use of personal information
All paper copies of client records, including any information provided at first ‘registration’, are kept securely and never shared. These records are removed after the legal retention period.
All Charlotte Hill Osteopath computers are securely protected with passwords required for access. Any portable data storage used to store personal data, e.g. a USB memory stick, mobile phone or iPad, is password protected and/or stored securely.
GDPR means that Charlotte Hill Osteopath must:
• Manage and process personal data properly
• Protect the individual’s rights to privacy
• Provide an individual with access to all personal information held on them
This Policy was adapted in May 2018