Are you ready for General Data Protection Regulation?

BMJ 2018; 360 doi: (Published 02 March 2018) Cite this as: BMJ 2018;360:k941
Bernadette John, digital professionalism consultant
London, UK
Bernadette.john{at}

Doctors urgently need guidance, training, and fully compliant channels for sharing sensitive data

Often described as the most important development in data privacy regulation for 20 years, the General Data Protection Regulation (GDPR) is intended to strengthen data security for individuals.1 It will be implemented across Europe from 25 May 2018. With violations set to generate fines for organisations of up to 4% of annual turnover or €20m (£18m; $25m), whichever is greater, the GDPR is not something that doctors or the NHS can afford to ignore.

Management of confidential data is fundamental to the work of clinicians, and so this new regulation introducing specific legal requirements around consent, transmission, and storage of data will affect doctors and anyone else processing personal data.

From May 2018, patients will be able to request access to, location of, amendment to, and erasure of their data. Transparency and accountability are vital if compliance is to be achieved. Adherence to guidance from the UK’s Information Commissioner’s Office, NHS, and regulatory and professional bodies is of course essential. However, such guidance has been slow to materialise and has so …
