The new General Data Protection regulations are due to be implemented from 25th May, and the Optical Confederation has issued guidelines for LOCs in response. Most of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA) and so most compliance activities will remain the same. However, there are some new elements and some enhancements.
Most of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA) and so most of your approach to compliance will remain the same. However, there are some new elements and some enhancements, so there will be some changes to be made.
Data must be:
processed lawfully, fairly and transparently
collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
adequate, relevant and limited to what is necessary for the purpose it was collected for
accurate and up to date
kept in such a way that it permits identification of the data subject for no longer than necessary
processed so as to ensure appropriate security of personal data.
In addition, the GDPR creates rights for individuals and it is a further responsibility for organisations to respect
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
The Optical Confederation recommends the following key steps:
Document all the personal data that you hold on paper and electronically
Identify and document the lawful basis for processing the personal data held
Review your current privacy notice and plan any changes that need to be made in light of GDPR
Check your procedures to ensure that they cover all the rights that individuals have
ABDO recommends that all practitioners read the guidance in full here. The Data Protection Bill is still going through the UK Parliament and the Information Commissioner’s Office (ICO) is still updating its guidance. This will be finalised when the bill has been passed and full details confirmed. LOCSU along with the OC will issue any further guidance as required.