This document summarizes an introductory webinar on the General Data Protection Regulation (GDPR) presented by Dr. Brian O'Mahony. The webinar provided an overview of the GDPR, outlined resources available to help practitioners comply, and next steps for implementation. Key points included that the GDPR strengthens data protection for EU citizens and replaces existing acts, has major implications for general practice, and requires sorting out IT security, designating a data protection lead, and documenting compliance steps.

1. An introduction to the General
Data Protection Regulation
(GDPR)
Dr Brian O’Mahony
GPIT Webinar
February 7th 2018

2. Please be kind to the messenger
• GDPR is a European Regulation
• The implementation of GDPR is
not up for debate or discussion
• ICGP and GPIT are trying to help
you to comply with GDPR

3. Outline of this Webinar
• Brief presentation;
• Review of resources available to
help you prepare for GDPR;
• Questions and Answers;
• Conclusion: next steps;

4. What is the General Data Protection
Regulation (GDPR)?
• GDPR is an EU regulation that comes into effect on 25th May 2018;
• GDPR strengthens data protection for EU citizens;
• GDPR replaces existing Data Protection Acts 1998 and 2003;
• GDPR will have a major impact on general practice;

5. GDPR is complex
• GDPR has:
• 11 Chapters
• 99 Articles
• 173 Recitals
• The text of GDPR runs to
98 A4 pages

6. ICGP GDPR Working Group
• Brian O’Mahony
• Conor O’Shea
• Brian Meade
• Niamh Killeen
• Brendan Fay (Ward Solutions)
• John McWade (Ward Solutions
• Deliverable is a Code of Conduct
for GPs on Data Protection:
• Draft document will be finalised by
February 14th ;
• Then goes to Data Protection
Commissioner (DPC) for review;
• Will be published as soon as any
feedback and comments from DPC
is resolved;

7. Voluntary Code of Conduct
• Records of Processing Activity
• Categories of Personal Data
• Legal Basis for Processing of Data
• Recipients for Sharing Data
• Data Retention Policy
• Principles of Data Protection
• Lawful, fair and transparent
• Accountability
• Individual Rights of Patients
• Access
• Rectification
• Erasure
• Data Portability
• Personal Data Breaches
• Data Protection Impact
Assessments
• Data Protection Officers

8. Key messages
• Sort out your IT security;
• Identify a data protection lead in
the practice
• Document the steps you are
taking to comply with GDPR;
• Teach your staff;

9. GDPR Resources
• ICGP Data Protection Guidelines, http://www.icgp.ie/data
• GPIT Frequently Asked Questions on GDPR, http://www.gpit.ie/faq
• Data Protection Commissioner, http://gdprandyou.ie/resources/
• Final text of the GDPR, https://gdpr-info.eu

10. Questions?
• Please keep questions broad and
of general interest;
• Avoid questions of a highly
granular, personal and specific
nature;
• We may not know the answer;

11. Next steps
• Commission an information
security audit;
• Identify a person with
responsibility for data protection;
• Start your GDPR accountability log;
• Webinar on March 22nd by Brian
Meade;
• Review and adopt the Code of
Conduct when it becomes
available;