On 25 May 2018 the EU General Data Protection Regulation (GDPR) came into effect, replacing the 1995 Data Protection Directive (Directive 95/46/EC).
The main objective of the new legislation is to harmonise data protection law across Europe and to change the way organisations approach data privacy. Its fundamental aim is to protect the personal data of individuals in the EU from misuse and from data breaches.
The Regulation gives individuals greater control over their personal data: who holds it, where and how it is stored, how long it is retained and the purposes for which it is collected.
Within a healthcare setting, there are a number of rights which are of particular relevance to patients. These include:
- Consent and transparency: individuals must be told, in clear language, how their personal data will be processed and why. Where processing relies on consent, that consent must be freely given, specific, informed and unambiguous, and for health data it must be explicit
- Right of access: at any time an individual can ask an organisation what personal data it holds about them and obtain a copy of it
- Right to be forgotten (erasure): an individual can ask an organisation to delete their personal data from its systems, although this is not an absolute right; for example, records the hospital is legally obliged to retain cannot be erased on request
- Data portability: where personal data is processed electronically, an organisation must be able to give the individual a copy of it in a structured, commonly used and machine-readable format
- Right to rectification: an individual can have inaccurate personal data corrected and incomplete data completed
If you have any further questions about GDPR and what it means for you, you can contact the Hospital’s Data Protection Officer, email@example.com