"Health Assured has long been committed to keeping our customers' data private and secure. We want to reinforce this commitment as we move towards compliance with the GDPR." David Price – CEO.
The GDPR (General Data Protection Regulation) is the most important development of Data Protection Law for decades. It will strengthen and ultimately replace the existing Data Protection Act (1998) and is designed to protect the personal data and privacy of citizens across Europe. GDPR will not be affected by the UK’s exit from the EU and the Regulation comes fully into effect on 25 May 2018.
What is Health Assured doing to prepare for GDPR?
Health Assured is committed to adhering to the requirements of GDPR and the Data Protection Act.
We have taken many steps across the entire business to ensure we are ready for GDPR. We have identified what personal data we hold for our customers, why we hold it, where it is stored and for how long. We are already compliant with the Data Protection Act and our compliance with GDPR will build on this foundation. For more details please see our Privacy Information Notice for website visitors
Here’s an overview of our GDPR Roadmap and progress so far:
- Board approval and support from the whole business to undertake this important work - COMPLETE
- Thorough audit of all areas of our business, products and services which are likely to be impacted by GDPR - COMPLETE
- Identify all systems and locations that hold personal data to ensure we know whether that data is held, why we hold it and for how long - COMPLETE
- Develop a strategy and requirements for how to address the areas impacted by GDPR - COMPLETE
- Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR - COMPLETE
- Ensure that all members of the business are educated and informed about GDPR and the changes that will be required by our business - COMPLETE
- Test all of our changes thoroughly to verify and validate compliance with GDPR - COMPLETE
- Finalise and communicate our full compliance prior to the deadline - COMPLETE
Our data security, privacy policies and processes are updated in line with the requirements of GDPR to ensure that we are not only compliant but go further to ensure that your data is safe with us. Based on the research conducted both internally and externally, we are confident the measures we have introduced will meet the requirements of GDPR.
What do Health Assured customers need to do?
While Health Assured is responsible for GDPR compliance to keep your data safe and secure, you too have certain responsibilities to your employees as part of the new legislation.
Here are a few practical tips:
- Make sure people in your business know that the law is changing.
- Create a register of the personal information you hold, where it came from, and who you share it with.
- Review the current privacy notices for the data you store and prepare to change them for GDPR.
- Get consent to store, manage, maintain and use personal data or consider what other rights you may have to process personal data.
- Check that you can honour the rights of individuals. If someone asks for their data, you should be able to give them it in a secure, standard format.
- If someone asks you to remove their data, make sure you can prove you’ve done so.
Please read our frequently asked questions regarding GDPR here.