The risk team have identified the following key tools from our resources to help you work through this area of risk and ensure compliance:
- Checklist: GDPR. This helps practice managers, GPs and GDPs understand their duties and responsibilities under the GDPR. It contains links to practical guidance sheets which are also listed below.
- Guidance sheet: GDPR Breach Notifications. What constitutes a data breach under the GDPR and when do you have to notify the Information Commissioner's Office? When do individuals need to be notified? This guidance sheet offers practical advice on this key GDPR area.
- Guidance sheet: GDPR Subject Access Requests. Find out more about subject access requests and enhanced data subject rights with this handy guidance sheet.
- Guidance sheet: GDPR Lawful basis for processing. The GDPR requires a lawful basis for the processing of personal data. This guidance sheet explains the various bases for legal processing of sensitive and non-sensitive data with a particular emphasis on informed consent and offers practical advice.
- Guidance sheet: GDPR Data Protection Impact Assessments. PIAs are useful tools to help practices consider and address the privacy risks inherent in processing the data they hold. The GDPR requires a PIA to be carried out before implementation of a new system or process for processing data. This guidance sheet offers practical step-by-step advice.
- Guidance sheet: GDPR Privacy Notices. These are effectively compulsory under the GDPR. This guidance sheet explains why you need a privacy notice, what they are for and how they should be composed.
- Webinar: Watch our training webinar GDPR an overview.
- Article: Protecting employee data. Much of the focus in primary care thus far has been on the changes applying to patient records, but data controllers must be aware that the new regulation also applies to the information held about employees. Employment adviser Liz Symon looks at what the GDPR means for the way employee data is processed.
- Online course: Managing data security breaches
- Online course: An introduction to Privacy Notices
- Online course: Managing subject access requests
- On-demand webinar: GDPR an overview
This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.