
As a business or company operating within the general field of care, you’ll know how vital privacy is. While businesses in this industry are always very careful with private data, being careful may no longer be enough. For example, have you heard of the upcoming European Union legislative changes to data protection?

They are known as the EU General Data Protection Regulation (GDPR) protocols. They are, as mentioned on the official site, the ‘most important change in data privacy regulation in 20 years’ – and they do matter. If you are not yet aware of what GDPR means for a care company, it’s time to find out.

These new regulations come into play on 25th May 2018. Compliance is not optional; it’s a new, EU-wide way of handling data. It’s a vital part of making companies more aware of the power of the data that they hold. Companies, including your business in the care industry, hold vital data about patients and service users. Businesses throughout the EU hold private data about people in all manner of ways.

In a bid to offer greater transparency, GDPR is handing power back to the people. As a care company, you need to be capable of both understanding and appreciating these new regulations. A failure to comply would go against everything a care company would stand for.

For now, GDPR will be expected to protect basic details such as name, address and any form of assigned ID number. Cookie data, IP addresses, web location and other personal data will be covered too. Data on biometrics, health, genetics, race, ethnicity, political thinking and even sexual orientation will need to be staunchly protected.

As old rules no longer cover the wealth of data we can hold on someone, is this needed?

GDPR: Why Do We Need It?

There are many reasons why GDPR is a necessity in the modern world. For one, it was never expected that people would so freely provide data for the use of services that are ostensibly free. The speed at which people hand over data to corporations is one of the reasons why GDPR is needed. With so many corporations now holding key details about us, how can we be sure that data is being used securely?

Also, the Data Protection Act 1998 in the United Kingdom no longer covers the enormity of data we provide to others. GDPR will look to provide the user with, as ITPro puts it, ‘more control over how organisations use their data, and introduced hefty penalties for organisations that fail to comply with the rules, and for those that suffer data breaches’.

In the care industry, the data held on people is about as sensitive as it comes. Therefore, ensuring data is both properly secured and easily accessible by the subject is of vital importance. Companies will now be expected to provide the same level of protection for a patient or service user’s cookie data online as they would, say, their name and address.

Part of this is backed up by the RSA Data Privacy & Security Report. The survey spoke to around 7,500 people in key nations such as the United Kingdom, Italy, France and Germany. It found that lost security details were a concern for as many as 76% of those who took part. With 62% blaming the company, rather than the thief, the onus is greater than ever on companies to supply adequate protection.

GDPR: GDPR in Care

This new regulation will likely be felt most stringently in security-specific departments such as care. If you would like a more in-depth view of what GDPR may mean for you specifically, the Information Commissioner’s Office has a fantastic knowledgebase on GDPR.

That being said, don’t push this to the back of the queue. Co-operation is essential, and a failure to meet GDPR requirements could be of massive consequence. If you wish to maintain high standards of governance as a care company, take GDPR very seriously indeed.

For a care company, it’s vital that you invest in the best possible quality of encryption, and improve access security. There’s a whole new perspective on IT care thanks to public perception turning against the use of data in exchange for services. Don’t dismiss the GDPR changes as something for other industries to worry about. In the care industry, this is about as big a change to how you hold patient and customer data as we’ve seen.

You should work on making sure you can meet the May deadline and be ready for the new regulation. Those in your care, past and present, will expect you to meet the new requirements. Don’t fall behind and put yourself, or those who expect you to care for them, at risk.

 

 
