GDPR
Strengthening The Security Of Sensitive Patient Data
Quick Look into What GDPR is All About?
How GDPR Differs from the Old Directive? – The Note-worthy Changes in the New Regulation
Instruction Type
The significant difference between GDPR and its predecessor lies in the type of instruction they are. Unlike the previous policy, GDPR is not a directive. It is a regulation that legally binds all the companies falling under its jurisdiction with stricter laws to follow. Whereas an instruction can only lay out the objectives like a guide, cannot enforce it.
Consent Type
The new regulation makes consent forms more explicit for better transparency when dealing with data. There is no place for unclear and ambiguous to understand consent forms. GDPR makes it compulsory for businesses to explicitly state the facets of consent forms, making it distinguishable from other declaration forms. Also, privacy policies should be mentioned in detail and should be readily accessible to the subject. The customer should have a precise knowledge of what purpose their data will serve before being asked for consent regarding its usage.
The Inclusion of Privacy By Design
According to the new law, the companies handling EU subject’s data must give importance to system design from the beginning. It should not be an add-on for the later part. Right from the start, data controllers must pay attention to designing the system giving priority to privacy concerns.
Territorial Reach
The reach of the previous data protection direction was limited within the EU territory. Companies located in the European Union were only subjected to the directive. However, the new law eliminates territorial boundaries and makes GDPR applicable to all data controllers and processors. As long as your company processes EU subject’s data, you are bound to comply with GDPR. Location is no more a limitation for the data protection law to apply.
New Set of Rights for the Data Subjects
Earlier, data subjects did not enjoy as much transparency and control over their data as they are now going to with this GDPR in use. Although, the previous directive also gave EU citizens the right to data the new regulation adds an extra edge to it with a more rigorous approach.
Right to Access & Erase Data
Now under GDPR, the subject has the right to ask the controller to erase their data whenever they want. Also, an individual enjoys the right to access data to verify whether it’s not in wrong use.
Right to Be Informed
Everything related to the processing and use of data should be informed to the individual. As per GDPR, the subject has the right to know for what purpose their data is going to be used.
Right to Portability
Under this right, an individual has the freedom to port their data from one controller to another as per their will. They can at any time demand the copy of their data for transferring it to the other.
Hiring Data Protection Officer
According to the previous directive, local Data Protection Officer (DPA) had the responsibility to record the activities of the data controllers. But with the new law, companies with large-scale data processing will have to appoint a DPO who will systematically monitor the data processing regularly.
Notification of Security Breach
GDPR makes breach notification mandatory. Data controllers must inform their supervisory authority about any data breach incident within 72 hours of learning about it. Also, they must notify the subjects who are at risk due to the breach.
Everyone is Responsible Now
Under GDPR, everyone is responsible for protecting data and accountable for any data breach. Earlier, it was only the data controller who was held for data misuse if any. But, now, both the data processor and controller has to comply with GDPR to avoid mishandling of data. This means that even third-party data processors will also have to follow the compliance norms set by the new EU regulation.
Enterprise Penalties for Non-compliance
Article 83 of the new regulation clearly states that enterprises failing to comply with GDPR policies will have to bear heavy penalties. The penalty amount can be a maximum of 4% of the global turnover or €20 million of the previous FY, whichever will be greater. However, the fine will be on the basis of the level and the criteria of different types of non-compliance actions. Also besides fine, the company may receive warnings or suspension of their data processing license permanently.
Is our Database GDPR Compliant?
Healthcare industry deals with highly sensitive patient data. Therefore, application of GDPR becomes more stringent and stricter in this sector. Unlike the previous directive, GDPR clearly defines health data and focuses on protecting the patient data also. It brings all the physical and mental health information of an individual under the jurisdiction of ‘health data.’ Hence, data processors and controllers engaged in health data processing have to abide GDPR compliance guidelines at any cost.
We as a marketing database provider in the healthcare industry have always given priority to protecting our client data. It is not that with GDPR coming into play, we have become alert and paying particular attention. While most providers were adversely affected by GDPR, we had an opposite experience. Even before GDPR got implemented, we were ready to face the compliance challenge. A dedicated legal team ensures that we follow all the norms to keep our proceedings legal and wise.
Our team has taken necessary steps to ensure that the data we offer is GDPR compliant-
- The contact details of prospects we offer come from reliable sources like
market surveys, seminars, conferences, websites, business listings, etc. - We update, clean and validate our database on a regular basis.
- Every data is stored with proper protection in place.
- We make sure only permissioned based data enters our database.