The EU’s General Data Protection Regulation will require significant effort to better protect and process personal data, and Brexit may not exempt the UK from compliance, writes Dariusz Kasparek.
Data Protection Day 2017 signalled Europe’s penultimate alert for businesses and organisations to prepare for stricter rules under the European Union’s (EU’s) General Data Protection Regulation (GDPR). Heavy fines could await those that fail to comply with new rules by the EU’s May 2018 deadline, and the regulations still look very likely to affect the UK, despite the Brexit outcome of 2016’s June referendum.
Regarded as one of the most important changes in data privacy regulation in 20 years, GDPR will have a significant impact on how businesses and other organisations approach and process personal data.
In her first speech as the UK’s information commissioner, Elizabeth Denham said that sufficient digital data flow must be maintained with the rest of Europe after Brexit; and that once the UK leaves Europe it will still need to be deemed adequate or essentially equivalent to GDPR. All organisations, including healthcare, will have to closely examine the way they approach data privacy and security. At the same time a new Network and Information Systems (NIS) Directive will enter into force by August this year as an attempt to boost cyber security across Europe.
In the UK, healthcare has been repeatedly identified as a problematic area for data breaches. The NHS has faced numerous fines and warnings of a “systemic” problem from the Information Commissioner’s Office (ICO) for breaches of the Data Protection Act, whilst stories in the media have continued to emerge of a disproportionate number of reported data security incidents.
The ICO has highlighted mandatory reporting in the NHS as one reason for rising health data breaches. After May 2018 all sectors will have to report breaches, and it will be interesting to see if this changes the balance between data breaches in the NHS and other sectors. Data processors across sectors will soon be obliged to notify the ICO within 72 hours of becoming aware of any breach that has occurred, and violations may cost organisations a maximum of €20m or, alternatively, 4% of their annual turnover.
With higher possible fines on the horizon, and patients’ privacy and control over their data still key issues to contend with, healthcare must continually look to find ways to protect and manage patient information, which is some of the most sensitive personal information that exists. Healthcare organisations are being encouraged to take action in order to properly protect the data they store to prepare for the upcoming GDPR.
Some information governance (IG) professionals in the NHS anticipate significant change. Andrew Harvey, head of information governance at one NHS trust, has outlined a series of implications that GDPR may have, arguing that “swingeing revision to NHS IG policies and processes” will be needed.
At the same time, others have suggested research could benefit from the new regulation, and even gain an advantaged position when it comes to processing patient data.
Pressures in healthcare headlines often focus on budgets, cuts and clinical outcomes. GDPR represents another pressure. But whilst it is anticipated that GDPR will require organisations to appoint a data protection officer to take responsibility for compliance, data security is a cultural issue that goes beyond any one role.
Healthcare staff at all levels are facing increased pressure to remain well-informed about the security of their patients’ digitised data. Healthcare conferences throughout 2016 were reminded of the importance of culture and good data practice at every level in order to safeguard patient data in the NHS, with leadership being key to making this work. GDPR places new requirements on the management of patient data, at a time of immense pressure on the frontline from numerous angles, and at a time of major reorganisation. As leaders take the helm of the evolving and challenging healthcare landscape, data security must be placed high on their agenda.
- Brexit and NHS data protection: How will GDPR affect healthcare? - 24th February 2017