Achieving Compliance

What are great surprise when flicking through the FMC Dentistry Magazine and The Journal For Private Dentistry!!

GDPR Email Terminology You Need to Know!
When it comes to GDPR and emails things can get confusing! You need to make sure you completely understand the terminology potential users/customers/businesses could be using so you can action accordingly.
Consent – This means permission! GDPR’s aim is to allow users more control over their data and is big on consent which means if you don’t have it, you can’t use it. Now there are some situations where direct consent isn’t needed, for...
Continue Reading

We all know that we should be following GDPR but I regularly get asked; What is point of GDPR?
At Achieving Compliance I like to make things simple so that everyone in your team can understand.
GDPR is a regulatory framework designed to improve the privacy and security of the personal data and give greater control over how the data is used. It applies to any organisation that collects information of EU citizens whether they are based in the European Union or not.
... www.achieveingcompliance.com
See More

Let me take the boredom out of GDPR for you!
www.achievingcompliance.com 07780008940
... https://blog.calm.com/relax/once-upon-a-g dpr
See More

How not to do GDPR!
https://tcrn.ch/2LbgYw1

Have you registered your DPO? If not, it is really simple. If you don’t have a DPO, contact me today. As a certified DPO and EU GDPR Practitioner I can help you with all of your needs.
www.achievingcompliance.com lisa@achievingcompliance.com

The ICO are aiming to release a list of fee payers by the end of month. I would recommend that you check that you on the list, if you’re not and you should be, they will issue a notice and then a fixed penalty fine.

Today I was asked: Are we allowed to share a patient’s details with a debt recovery agency?
YES! Even though they haven’t given direct consent, your business has a legitimate reason to. However you can only share relevant information.

This data breach occurred before GDPR rules came into force on the 25th May. Under the previous Data Protection Act rules, the maximum fine imposed would be £500,000, whereas under the GDPR rules, firms could face a maximum of €20m (£17.6m) or 4% of global turnover, whichever is the greater. Let’s see how the ico are going to deal with this one!

Can you reject the right for erasure?
YES. Even though it is listed as one of their rights the regulations have exceptions to the rules. For example, an online newspaper may refuse to forget a prominent politician, that they are criticising, on the grounds of public interest.
... Just make sure you get ID from the person first before discussing anything and when you decide to reject the request, inform the person, give adequate reasoning and give them the details of you DPO and the details of the ico. You will also need to document the request.
www.achievingcompliance.com
See More

GDPR doesn’t have to be difficult!

10 steps to GDPR compliance:
1. Knowledge is power! It is essential that your whole team are aware of the changes in the law and the effects that it will have.
... 2. What do you hold? It is important to document what data you have, how you collected it and how it is stored.
3. Privacy Notice. Review your privacy notice. Does it meet the GDPR criteria?
4. Rights. Check all of your procedures. Are you able to give the client/ patient their rights?
5. Delegated Officer Depending on what industry you are in, you may need a DPO. This can’t be anyone who is in management and they should be adequately trained. If you don’t have anyone, we can do this role.
6. Processing. Are you proceeding data legally? Do you need contracts with processors?
7. Content. Look at what you are collecting. Are you gathering more data than you need?
8. Breaches. If a data breach occurs, do you know what to do?
9. Data Protection Impact Assessment. This will help you understand how and when implementation is needed.
10. Subject access request. There is a new timescale! Make sure your procedures enable you to handle them and that your team know what to do.
We can help you with all of these points! From reviewing your policies to doing your data protection impact assessment to being your DPO. Let us help you. 07780008940 www.achievingcompliance.com
See More

YES- GDPR can be very confusing and stressful! NO- it doesn’t have to be!
Let Achieving Compliance help you by taking the stress out of it. We offer help and advice on all of your GDPR needs.... Get in contact today. lisa@achievingcompliance.com 07780008940
www.achievingcompliance.co.uk
See More

The new leaflets have arrived! Please contact me if you would like me to send one over to you.
M: 07780008940 E: lisa@achievingcompliance.com... W: www.achievingcompliance.co.uk
See More

According to Article 37 a Data Protection Officer is mandatory if the enterprise: Is a public authority (except for courts acting in their judicial capacity) Carries out large scale systematic monitoring of individuals (for example online behavioural tracking) Carries out large scale processing of special data or data relating to criminal convictions and offences NHS dentists, doctors and opticians are therefore mandated to appoint a data protection officer.
... Let us help you achieve compliance!
See More