Person Centred Software founder and director Jonathan Papworth advises how you should prepare for the General Data Protection Regulation (GDPR).
Hopefully the 25th of May is a date that you are very aware of. If not then you are running out of time to do something that can’t be ignored. This year introduces a new hurdle everyone has to jump over, which is the GDPR.
Don’t think it has nothing to do with you because it has the word ‘data’ in it – care plans are data, and they are personally sensitive data. A care plan written on paper is just as much data as if it was on a computer, and not managing these could be very, very expensive.
GDPR is designed to protect personal data and privacy, and carries huge fines for not being compliant. It is not enough to keep care plans and other personal data safe, it is also necessary to document how they are kept safe.
Failure just to assess the risk of information falling into the wrong hands carries million-pound fines. There is also the right to be forgotten, which means burying files in an archive store is not acceptable – you need to be able to find and destroy personal information if called upon to do so.
Meeting the challenges of GDPR is manageable and not necessarily expensive. We have put together steps for care providers to prepare for GDPR which are available at https://personcentredsoftware.com/gdpr/ and the Information Commission’s Office has guides and toolkits at ico.org.uk.
One option is to outsource the problem to a consultant, but with a limited time scale to become compliant the costs for a consultant could be high. Part of the process to be complaint will be to train all the people who use data, and this is where eLearning from companies like eLearning For You (elfytraining.co.uk ) can help.