The Leeds Teaching Hospitals NHS Trust

gDpr Day!

25 May 2018

Johnny Chagger from our Information Governance team blogs about GDPR:

You could be forgiven for thinking that Europe’s General Data Protection Regulation (GDPR) is a law created to fill your inbox with endless emails from every company you have ever visited with online, requesting you to remain on their mailing list.

Many of us will have received emails from companies we haven’t used for years or have maybe never even heard of.

But GDPR is far more than just an email magnet. The regulation finally comes into effect today and is set to force comprehensive changes in every industry that hold personal information.

Some of the statements that I have heard are, “GDPR means I won’t be able to contact my patients anymore” or “GDPR says I’ll need to get fresh consent for everything I do.” As the Commissioner said in her blog “consent is not the ‘silver bullet’ for GDPR compliance, consent is one way to comply with the GDPR, but it’s not the only way.”

Scaremongering about consent still persists, but the headlines often lack context or understanding about all the different lawful bases organisations could use for processing personal information under the GDPR.

As an NHS organisation, much of the data we hold falls outside of ‘explicit consent’. This includes things like data considered necessary for medical diagnosis, providing health or social care or treatment and the management of health and social care systems, assessment of working capacity of employees and preventative or occupational medicine (GDPR Article 9). It also covers data necessary for carrying out tasks in the public interest (GDPR Article 6).

We know that many teams now like to use social media to promote their work. Please take extra care to ensure that no patient identifiable data is posted - it is often on whiteboards in the background that we have seen this happen accidentally before - and you have written consent from people in any photos you share.

The Forward App is considered a secure communications tool as all data is encrypted and not stored on your device. Forward has been approved by LTHT and the wider NHS for the sharing of information, however please always consider what you are posting and who you are sharing it with

Leeds Teaching Hospitals already has very strict information governance protocols in place to ensure information we hold is safe. Some of the new guidelines that are coming into law have already been happening at LTHT for a number of years so we are more advanced than many organisations in implementing GDPR and are confident that we are compliant.

The GDPR builds on the existing Data Protection Act 1998 and it comes as an opportunity to benefit our patients in giving them confidence that their information is safe and in good hands.