General Data Protection Regulation
The EU General Data Protection Regulation (GDPR) was approved in 2016 and became applicable in the UK on 25 May 2018. It replaces the Directive on which the UK Data Protection Act 1998 was based; that Act has in turn been replaced by the Data Protection Act 2018. It is expected that the provisions of the GDPR will remain in force post-Brexit.
Although the principles of data protection remain broadly similar to those of the 1998 Act, the GDPR places greater emphasis on evidence-based compliance. It sets out specific requirements for transparency and openness about the data we process at St George’s University Hospitals NHS Foundation Trust, for demonstrating that compliance, and for delivering the rights of individual data subjects (you). It also introduces considerably stronger penalties for non-compliance.
The GDPR introduces the principle of ‘accountability’ that requires us to be able to demonstrate compliance. The key obligations to support this include:
- The recording of all data processing activities identifying the lawful justification and data retention periods
- Routinely conducting and reviewing data protection impact assessments where processing is likely to pose a high risk to individuals’ rights and freedoms
- Assessing the need for data protection consideration at an early stage, and incorporating data protection measures by default in the design and operation of our information systems and processes
- Ensuring demonstrable compliance with enhanced requirements for transparency and fair processing, including notification of rights
- Ensuring that data subjects’ rights are respected. These include the right to a copy of the information the Trust holds about them, and the rights to rectification, to erasure, to restriction of processing, to data portability, to object, and not to be subject to solely automated decision-making.
- Notification of personal data security breaches to the Information Commissioner
- The appointment of a suitably qualified and experienced Data Protection Officer
The General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 require us to follow specific standards and maintain clear evidence of compliance. St George’s University Hospitals NHS Foundation Trust is fully committed to upholding both the legal requirements and the principles of transparency and openness that these regulations promote. We work rigorously to support data protection legislation in every aspect of our operation.
Your rights in relation to your personal information are described in the Trust’s privacy information.