2. MARK LAINCHBURY
• MD of e-clinic
• Created e-clinic in 2002
• Worked in healthcare software since 1997
• I am not a medical professional
• I am not a lawyer
e-clinic.co.uk
3. ICO
“We’re not going to be looking at perfection, we're going to be looking for commitment”
4. WHAT GDPR IS
• Designed to protect individuals
• Only applies to ‘personal data’
• The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data
• Fundamental shift in the balance of responsibility
5. PERSONAL DATA
• Electronic records
• Paper records
Obvious stuff
• Name, address, treatment, financials, photographs, completed forms...
6. PERSONAL DATA
Less obvious stuff
• People connected to organisations - not just patients
• Mobile phone contacts
• Cookies, IP address, PPC data
• Post-it notes
7. INDIVIDUAL RIGHTS
The right…
• To be informed
• Of access
• To rectification
• To erasure
• To restrict processing
• To data portability
• To object
• In relation to automated decision making and profiling
8. WHAT GDPR ISN’T
• Does not prevent you from storing data
• Does not require mass data deletion
• Does not negate previous consent
• Does not enforce ‘paperless’ records
• Does not bar you from sending data outside the UK/EU/EEA
• Brexit may affect that last bit!
9. RIGHT TO PROCESS DATA
• Must have a valid lawful basis to process personal data
• 6 bases
– Consent
– Contract
– Legal Obligation
– Vital Interests
– Public Task
– Legitimate Interest
13. LEGAL OBLIGATION
• Clinical Data Laws/Guidelines
• BMA Website
• Company/Accounting Law
• UK Government Web Site
14. IS YOUR SOFTWARE GDPR COMPLIANT?
• No software can be, by itself, GDPR compliant
• Software can only provide tools to enable compliance
• Obligations are sometimes contradictory
17. DATA SHARING BETWEEN APPS
(Diagram: typical web apps connected through an Application Programming Interface)
• Most modern applications use API technology to share data
• It is not unlawful to send data outside the UK/EU/EEA
• But be aware where your data is going
• Mailchimp – US
• Xero – New Zealand
18. WHAT IS GDPR COMPLIANCE
• GDPR compliance is a process
• GDPR compliance is a mindset
• GDPR compliance is a form of respect