What is GDPR and why will it affect my business?
What data in Clinics is affected by GDPR?
Who is responsible for what?
Becoming GDPR compliant
GDPR directly affects personal data; in a clinic, what exactly is personal data? Any information relating to a person: for example a name, date of birth, National Insurance number (NINO), address, phone number or photograph that can identify an individual. Medical details such as skin conditions and medication constitute sensitive personal data, and additional care must be taken when processing them. It is vital for staff members to understand the financial consequences that may follow from mishandling it. As you can see, you currently collect a lot of data every day that GDPR applies to!
ClinicSoftware.com Can Help You Become GDPR Compliant by:
Consent & Signature
Providing you with the industry’s first fully digital, paperless, compliant consultation forms, meaning you can opt in all clients and record their consent via email, SMS text and online in a traceable way, as per GDPR legislation!
Marketing & Signature
Giving you filters and tools to create email, newsletter, social media and SMS marketing campaigns that reach only opted-in clients, so you won’t get in trouble when clients request a copy of their consent, as per GDPR legislation!
All Data You Send On Clinic Software® Is Encrypted!
All communications with our servers are encrypted with SSL/TLS (warranty of $1,750,000), meaning you and the team are protecting your clients’ data from being intercepted in transit! For improved security we also offer the ability to use two-factor authentication!
You can be fined up to 4% of revenue, capped at 20 million euro; e.g. if your clinic’s turnover is £500,000 you could pay a fine of over £20,000.
There are two core parties responsible for data protection under GDPR: the “data controller” and the “data processor”. As a clinic, you are the controller. You collect the data and choose how that data is collected and how it is used for styles, colours, treatments, marketing, offers, promotions, emails, SMS texts, etc. In other words, you are making the decisions on how your clients’ personal data should be collected and used.
ClinicSoftware.com is a processor, as it is a tool that can help you do this. This is the perfect example of why you need GDPR-compliant software: if you are using pen and paper and an online email tool, for example, it will be virtually impossible to provide all of the data above.
After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018. The regulations will be put in place regardless of Brexit negotiations, and we are aware of the huge effect this will have on ClinicSoftware.com as software, as a SaaS provider, and on our customers.
We started investigating the new regulations in July 2017, and have been actively working with our team and advisors to gain a full understanding of the implications and to create a number of action plans for what we will be doing to ensure we are 100% compliant with GDPR before 25 May. We will also offer as much support as possible to our customers in achieving their own GDPR (General Data Protection Regulation) compliance.
Please note that we will advise our customers where possible, and provide tools where possible, to enable their GDPR compliance. Our role as the data processor is standalone, meaning the data controllers (software users) will need to manage their own internal investigations in line with GDPR to ensure their compliance with European Commission rules and regulations.
Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC).
Getting ready for the GDPR
GDPR checklist for data controllers
Designed to help you, as a data controller, assess your high-level compliance with data protection legislation. Includes the new rights of individuals, handling subject access requests, consent, data breaches, and designating a data protection officer, under the upcoming General Data Protection Regulation.
GDPR checklist for data processors
Designed to help you, as a data processor, understand and assess your high-level compliance with data protection legislation. Includes the new requirements for data processors, the rights of individuals, data breaches, and designating a data protection officer, under the upcoming General Data Protection Regulation.
What information does the GDPR apply to?
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised (e.g. key-coded) can fall within the scope of the GDPR, depending on how difficult it is to attribute the pseudonym to a particular individual.
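To make the pseudonymisation point concrete, here is an added Python example (not code from ClinicSoftware.com or from this page) that key-codes constructed sample client records with an HMAC under a secret key. The record layout, the field names and the key handling are assumptions for illustration. It shows why key-coded data remains personal data for anyone who holds the key or the linkage table, and why both must be kept separately from the pseudonymised records.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Constructed sample client records (not real people; field names are assumptions).
CLIENTS = [
    {"client_id": "C-1001", "name": "Client One", "treatment": "skin consultation"},
    {"client_id": "C-1002", "name": "Client Two", "treatment": "laser hair removal"},
]


def pseudonymise(client_id: str, key: bytes) -> str:
    """Key-coded pseudonym: HMAC-SHA256 of the client identifier under a secret key.

    The same key always yields the same pseudonym, so a client's records stay
    linkable to each other without carrying the name or identifier."""
    return hmac.new(key, client_id.encode("utf-8"), hashlib.sha256).hexdigest()


def split_dataset(records: List[dict], key: bytes):
    """Return (pseudonymised records, linkage table).

    The pseudonymised records drop name and client_id. The linkage table maps
    each pseudonym back to the client_id; it must be stored separately from the
    dataset, under tighter access control, together with the key."""
    pseudonymised = []
    linkage: Dict[str, str] = {}
    for rec in records:
        pseudonym = pseudonymise(rec["client_id"], key)
        linkage[pseudonym] = rec["client_id"]
        pseudonymised.append({"pseudonym": pseudonym, "treatment": rec["treatment"]})
    return pseudonymised, linkage


def attribute(pseudonym: str, linkage: Dict[str, str]) -> Optional[str]:
    """Whoever holds the linkage table can attribute a pseudonym to an individual."""
    return linkage.get(pseudonym)


def attribute_with_key(pseudonym: str, key: bytes, known_ids: List[str]) -> Optional[str]:
    """Whoever holds the key can attribute a pseudonym by recomputing it for the
    client identifiers they already know (e.g. the clinic's own client list)."""
    for cid in known_ids:
        if hmac.compare_digest(pseudonymise(cid, key), pseudonym):
            return cid
    return None


def demo():
    """Run the three situations the GDPR wording distinguishes and return the results."""
    key = secrets.token_bytes(32)  # generated per deployment; never stored with the dataset
    dataset, linkage = split_dataset(CLIENTS, key)
    ids = [c["client_id"] for c in CLIENTS]
    target = dataset[0]["pseudonym"]
    # Inside the clinic, with the linkage table or the key: still personal data.
    with_table = attribute(target, linkage)
    with_key = attribute_with_key(target, key, ids)
    # A recipient holding only the dataset cannot recompute the code without the key.
    other_key = secrets.token_bytes(32)
    without_key = attribute_with_key(target, other_key, ids)
    return with_table, with_key, without_key


if __name__ == "__main__":
    print(demo())
```

The design choice is to use a keyed MAC rather than a plain hash of the identifier: a plain hash can be recomputed by anyone, so it offers no separation between the dataset and the ability to re-link it. With the key and the linkage table held apart from the records, the question the regulation asks (how hard is attribution?) has a clear answer for each party.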
Sensitive personal data
The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing (see Article 10).
Top tips for getting your business GDPR compliant! We can help you!
Store client information more securely than ever before; no more paper notes and manual work. There are many ways the ClinicSoftware.com management system can help you gather, obtain and store client information and access it securely, with everything encrypted using SSL/TLS security certificates.
Enjoy peace of mind. ClinicSoftware.com helps keep your data under lock and key with personalized security settings, so you have the power to choose who can access what and to activate two-factor authentication for all your users.
Your software system is the heart of your business. This feature automatically takes a backup of your data, protecting you against unforeseen disasters such as theft.
Make sure you have all the boxes ticked with custom consent forms that suit your unique business needs. Capture essential details such as contraindications, obtain client consent before you provide a service and save space at the same time.
Online client information cards
This handy little feature makes capturing client information from any device easy. Your clients simply enter their details on an iPad or tablet and your system is instantly updated and synced in real time.
Keep track of customers’ progress and empower your team to deliver the highest quality treatments with detailed visual records of each customer’s visit. Compare before and after images and look back on details of past procedures.
Set and send marketing on autopilot
Be active with consent and get your clients to opt in and keep in touch using the automated feature. Once they have opted in, you can set up your SMS and email marketing campaigns so they automatically deliver personalized communication.