The General Data Protection Regulations (GDPR)

21st January 2018

GDPR (General Data Protection Regulations) – what is it and how does it affect VetClub and your practice?

As the world becomes increasingly digitised, many businesses are holding more personal information of clients and members of staff on work computers and files. With this comes a significant risk of data being stolen and abused.

  • The European Parliament officially adopted the GDPR in April 2016, and it becomes enforceable on 25th May 2018.
  • The GDPR applies to everyone involved in the processing of data about individuals in the context of selling goods and services to citizens in the EU.
  • Any information we hold about your clients that can be used to identify them will fall under the umbrella of the GDPR.

What is VetClub doing to comply?
In order for VetClub to comply with the new regulations, we need to ensure we obtain and document consent from anyone to whom we send your email newsletters. To explain this, we’ll be asking all clients to update our database and indicate their consent. Anyone who has not given consent by 25th May will no longer receive the emails.

Ensure you comply with the GDPR

Be aware

  • Make sure everyone in your practice is aware that the law is changing to the GDPR in May this year.

Document everything

Find out and know what information you already keep about your clients and staff. This includes:

  • All personal data you hold
  • Where it came from
  • Where it is stored
  • Who you share it with

Be accountable

You need to comply with the GDPR’s accountability principle. The best way is to have effective policies and procedures set up and in place.

Client and staff privacy

You must review your current privacy notice, and if you don’t have one already, it needs to be set up and acted upon. For example, in this notice you have to explain:

  • Who you are
  • How you intend to use the information you collect
  • The legal basis for processing and using the data
  • The time period you’ll keep the information
  • The client’s right to complain

You also have to make sure this information is written in a concise, easy-to-understand and clear way.

Individual rights

The main rights for individuals under the GDPR will be the right to have:

  • Access to their own personal data
  • Inaccuracies corrected
  • Direct marketing stopped
  • Automated decision-making prevented
  • Profiling prevented
  • Data transferred
  • Data deleted

Access requests

  • You will not be able to charge for complying with a request
  • You will have just a month to comply
  • Unfounded or excessive requests can be charged for or refused

Consent

Review how you are seeking, obtaining and recording consent and whether you need to make any changes. The GDPR has references to both ‘consent’ and ‘explicit consent’. Both forms of consent have to be:

  • Freely given
  • Specific
  • Informed
  • Unambiguous
  • Verifiable
  • Recorded
  • A positive indication of agreement to personal data being processed

It’s important that consent cannot be inferred from silence, pre-ticked boxes or inactivity.

Data breaches

Make sure you have the right procedures in place to detect, report and investigate a personal data breach. Remember, a failure to report a breach could result in a significant fine.

Ask us for more information

If you want more information or a more detailed explanation, either email or call us. We’ll do our best to explain and help.