GDPR – the way forward, part 2

Part 2: the General Data Protection Regulation was not just for 25 May 2018

Summary:

The EU General Data Protection Regulation came into force on 25 May 2018. In the second of our two-part analysis of the legislation, occupational health specialist Susan Carty considers the technical issues to address in order to ensure that OH practitioners and services are compliant with the GDPR.

Part 1 of this review of the implications of the EU General Data Protection Regulation (GDPR) examined the legal aspects of the GDPR and the then Data Protection Bill (which has since become an Act of Parliament) most relevant to occupational health¹. This second part will consider the technical questions. In the months leading up to Friday 25 May 2018 there was a lot of anxiety about the GDPR within occupational health – and much of the concern was understandable. Work was needed to prepare for the new legislation, and change often creates uncertainty. The legislation took effect on 25 May, but no business stands still. We are expected to continue to identify and address emerging privacy and security risks in the weeks, months and years beyond May 2018. By now you should have the following building blocks in place to ensure your organisation continues to implement responsible data practices:

Susan Carty is an occupational health nurse and specialist OH adviser for Cohort Software Limited

Author: Carty S

Tags audit confidentiality consent data protection DPA - Data Protection Act GDPR it - information technology records - reports training

Occupational Health at Work June/July 2018 (vol. 15/1) pp30-35

Download full article CPD