Are you ready for General Data Protection Regulation?
BMJ 2018; 360 doi: https://doi.org/10.1136/bmj.k941 (Published 02 March 2018) Cite this as: BMJ 2018;360:k941
- Bernadette John, digital professionalism consultant
- DigitalProfessionalism.com, London, UK
- Bernadette.john{at}digitalprofessionalism.com
Often described as the most important development in data privacy regulation for 20 years, the General Data Protection Regulation (GDPR) is intended to strengthen data security for individuals.1 It will be implemented across Europe from 25 May 2018. With violations set to generate fines for organisations of up to 4% of annual turnover or €20m (£18m; $25m), whichever is greater, the GDPR is not something that doctors or the NHS can afford to ignore.
Management of confidential data is fundamental to the work of clinicians, and so this new regulation introducing specific legal requirements around consent, transmission, and storage of data will affect doctors and anyone else processing personal data.
From May 2018, patients will be able to request access to, location of, amendment to, and erasure of their data. Transparency and accountability are vital if compliance is to be achieved. Adherence to guidance from the UK’s Information Commissioner’s Office, NHS, and regulatory and professional bodies is of course essential. However, such guidance has been slow to materialise and has so …
Log in
Log in using your username and password
Log in through your institution
Subscribe from £173 *
Subscribe and get access to all BMJ articles, and much more.
* For online subscription
Access this article for 1 day for:
£38 / $45 / €42 (excludes VAT)
You can download a PDF version for your personal record.