The May deadline to become GDPR compliant is fast-approaching ⏳, and we want you to know we’re on track to meet the deadline.
What is GDPR? 📖
If you’re unfamiliar with the GDPR (General Data Protection Regulation), it’s a regulation designed to strengthen and unify data protection for all individuals within the European Union 🇪🇺, effective 25th of May 2018.
This means a person will have more rights, freedoms, and control over how their data is used. It also includes some behind-the-scenes requirements in regards to how that data and information are stored.
What does that mean for me? 🤷
If you handle or process the data of any person in the EU, GDPR will apply to you whether you’re located in the EU or not.
How is Cliniko preparing for GDPR?
Privacy 🕵🏻 and Security 🔒 is something that we’re really passionate about and we believe these changes should be core features of Cliniko that go beyond just compliance. Here are a few things we’re doing in preparation for GDPR:
Completing a DPIA 📋
Data protection impact assessments (DPIAs) help businesses to identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. Carrying out this assessment will help us to identify and fix any problems at an early stage.
Appointing a Data Protection Officer 🚨
We’ve appointed a Data Protection Officer. This is someone in the business who acts as an independent advocate for the proper care and use of our users information.
Adding new features 🎊
To help you comply with GDPR we’re adding some features to Cliniko to enable you to:
- record consent of your patient
- revoke consent on behalf of a patient
- delete all information about a patient from Cliniko
- export all individual patient data to give to a patient, in an easy to read format
Updating our policies ✍️
We’re also updating some of our contracts with you. This will cover a range of things, but specifically people have been asking us about the location of where the data is held and how the GDPR impacts that.
The good news is that the location of our servers doesn’t affect GDPR compliance, as long as we have the right documents in place. Therefore, we’re working on a contract that will be sent out to all EU users of Cliniko shortly, which will cover transfer of data outside of the EEA.
Coordinating with our vendors 🛒
We use 3rd party vendors in the running of Cliniko, and as such we’re talking to all of those vendors to discuss their GDPR plans and taking action where needed.
As always, we’re here if you’ve got any questions! Just hit that “Help” button on the left sidebar in Cliniko and then “chat with us” 💬 or drop us an email 💌 at: firstname.lastname@example.org.