By Reggie Simpson

One of the biggest changes to UK data privacy law comes into effect on 25 May 2018.

Until now The Data Protection Act 1998 (DPA) has governed how organisations such as Betafeet Podiatry must collect, handle and store personal information regardless of whether data is stored electronically, on paper or other materials.

To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

The DPA will be replaced by the General Data Protection Regulation (GDPR) with effect 25 May 2018.

The GDPR is an EU regulation designed to bring data protection legislation into line with changing ways data is now used through the digital economy, internet and cloud technology. The GDPR aims to simplify the legal framework and create consistency and transparency across the single market. The GDPR will apply to the UK regardless of Brexit . It introduces tougher fines for non-compliance and breaches. The GDPR also gives people more control and say over what organisations can do with their personal data.

The GDPR is a positive step toward you having more control over how your data is used and how you're contacted. The changes will also help to better protect your personal data.

As part of these changes, you may soon find organisations such as Betafeet Podiatry asking you how you would like to be contacted.

We would like to share a brief summary of the GDPR to help to explain the changes and what they mean for you:

1. It’s the biggest change to UK data privacy law in 20 years

Thanks to technological advances, the amount of personal data being generated is rapidly increasing – every time you shop online, use your favourite app or ‘like’ a photo you generate data – which is why the law needs updating to better protect people. As part of the GDPR, all organisations have to review how they manage personal data – from customer contact addresses to employee bank details – and ensure they are GDPR-ready by 25th May 2018.

2. It will give you more control over your personal data

The GDPR is all about giving you more control on how your personal data is used. You’ll have greater visibility and control over the personal data organisations hold about you – whether it’s something as simple as your name, or as complex and sensitive as medical information. This means you can have greater confidence that information about you is accurate, up-to-date and properly managed.

3. You can choose who contacts you and how

Over the coming months you’ll notice a lot of organisations asking for your consent to receive and hold information. You get to choose how you are contacted, for example by email, SMS messaging, social media or phone.

4. You can also change your mind at any time

If you give an organisation permission to contact you, it doesn’t mean you can’t change your mind in the future. Under the new rules, it should be easier to update your preferences on what you want to receive and how.

5. Your data will be better protected

The GDPR also aims to make sure that all organisations holding personal data have the right processes in place to protect it. Organisations who put customer data at risk will face hefty penalties.

How will Betafeet Podiatry comply with the GDPR?

The new legislation is not just for large organisations that collect data to help them increase and serve their customer base and to market new products and services. We have certainly been exposed to recent breaches involving the selling of data, particularly through organisations which are built around social media. Betafeet is not similarly reliant on social media; we rely largely on word of mouth and an informative website.

Please note: although we hold contact details so that we may be able get in touch with you about an appointment or appointment follow up we never sell email lists .

We need to hold personal information about you in our patient computer system. We do not retain paper records. The information we collect or hold on your patient record helps us to look after your health needs, and all podiatrists in the business are responsible for information accuracy and safe keeping. Aside from contact and other relevant information (such as care givers) we need to be able to review your medical history, history of treatments and other information which will help us treat you to the highest standard (all held on a secure database with no paper records kept.) Please help to keep your record up to date by informing us of any changes to your circumstances.

We also have a robust system in place to dispose of personal and sensitive documentation.

You may wish to see our Patient Confidentiality and Duty of Candour documents which are on display in the clinics, within our new patient welcome packs available in clinics and on our website.

The GDPR is looming, but it remains a work in progress as organisations adapt and implement the legislation. We will keep you up to date with relevant updates.