The General Data Protection Regulation (GDPR)
You may have seen GDPR hitting the headlines, or perhaps organisations have already contacted you about it? We take a closer look at what GDPR is and what it means for you…
One of the biggest changes to UK data privacy law comes into effect on Friday 25th May 2018.
The General Data Protection Regulation (GDPR) is a really positive step towards you having more control over how your data is used and how you’re contacted. The changes will also help to better protect your personal data. We have updated our privacy notices to reflect these changes.
As part of these changes, you may soon find organisations asking you how you would like to be contacted. Here at Calderdale Clinical Commissioning Group (CCG), you’ll be prompted to give consent before your data is processed unless a legal basis applies.
To make sure you’re ready to make your choices, we’ve created a handy guide that will help explain the changes and what they mean for you.
Five things you need to know about GDPR
- It is the biggest change to UK data privacy law in 20 years
Thanks to technological advances the amount of personal data being generated is rapidly increasing – every time you shop online, use your favourite app or ‘like’ a photo on Facebook you generate data – which is why the law needs updating to better protect people. As part of the GDPR, all companies have to review how they manage all personal data – from customer email addresses to employee details – and ensure they are GDPR-ready by 25th May 2018.
- It will give you more control over your personal data
GDPR is all about giving you more control on how your personal data is used. You’ll have greater visibility and control over the personal data organisations hold about you – whether it’s something as simple as your name, or as complex and sensitive as medical information. This means you can have greater confidence that information about you is accurate, up-to-date and properly managed.
The GDPR includes the following rights for individuals:
- the right to be informed; You can see what will happen to your data by reading the Privacy Notice provided when we collect your information. The Privacy Notice will tell you why we are collecting your information, who we share it with and how long we will keep it for.
- the right of access; You can ask what information is held about you via a Subject Access Request.
- the right to rectification; If you think something is wrong with the data we hold, such as incorrect address you can request that it is corrected.
- the right to erasure; You can withdraw consent at any time, unless there is a legal requirement for us to hold it.
- the right to restrict processing; You can pause the handling of your data whilst a review of your issue takes place.
- the right to data portability; You can request that data we hold is transferred to another organisation.
- the right to object; As before you may still use the CCG’s complaints procedure to complain should you wish to or if your complaint is about the handling of your data you may write to our Data Protection Officer at IGSharedService@calderdaleccg.nhs.uk , or by using our complaints form
- the right not to be subject to automated decision-making; instead of having a machine may a decision about you, you may request that a person reviews your information in order to make a decision.
- You can choose who contacts you, and how
Over the coming months you’ll probably notice a lot of organisations asking for your consent so they can contact you about offers, products or services they think you’ll find useful or interesting. To comply with GDPR, these requests need to be really clear and straightforward. You get to choose who contacts you and how, for example by email, social media or phone.
- You can change your mind at any time
If you give an organisation permission to contact you, it doesn’t mean you can’t change your mind in the future. Under the new rules, it should be easier to update your preferences on what you want to receive and how.
- Your data will be better protected
GDPR also aims to make sure that all organisations holding personal data have the right processes in place to protect it.
If you have any queries about the new data protection legislation and how it might affect you, please contact our Data Protection Officer using the contact us form