GDPR compliance update for the week of 23/04

Clint Beeken

It’s a month until the GDPR compliance regulations kick into gear and we’re well on the way to becoming compliant! Here’s an update on what we’ve done, what we’re doing, and what’s on the cards for the upcoming month!

Cliniko as a processor of data

When it comes to your patients’ data, Cliniko is a processor of the data in your account, while you are the controller of that data. As a processor of data we will assist you to fulfil your needs as a controller, for example, by providing tools that can help you stay compliant with your patients’ requests!

Here’s an update on changes that we’ve already released to help you with your compliance:

Thankfully, we have a lot of things in place already to help with other rights, such as the Right to Object (since you’re allowed to edit marketing statuses in Cliniko), and Right to Rectification (as you can change any incorrect details in any Cliniko area!).

To improve on what we have available right now, the following changes are in progress:

  • A one-stop page to give you all (I mean, ALL!) information for a single patient. This will cover the Right to Access and Right to Portability tenets of GDPR.
  • Removing all currently “soft” deleted patient-related items in Cliniko. Previously, we just hid a deleted patient from being seen and used. We will be “hard” deleting soon!
  • Removing the patient name from the “history” in your browser, to help with preventing any possible data leakage from your account.
  • And, more to come!

The final piece of the puzzle, for our needs as a processor, will be to enter into a DPA with each and every account using Cliniko in the EEA zone. That document is with our lawyers right now, getting reviewed again, and we’ll be launching that one in the next month, too!

Cliniko as a controller of data

Cliniko is also a controller of data: your information that you provide to us! This can include, but is not limited to, your email address, phone number, business details, and more. As a controller of data, we have similar responsibilities to you as you do to your patients. This means that we’re working on making sure we are compliant in this area, too! Some of the tools to help us comply with this include:

  • Full account deletion when requested of us.
  • Improved our tagging of EEA zone accounts, so that we can communicate with you in a more direct fashion (which will help us deliver this article as a message to you within your account soon!).
  • Improved and formalised our back-of-house policies with regard to our employees, and our policies surrounding the use of data in Cliniko and our related tools.

The most important things that we have in progress are our new Privacy Policy and Terms of Service documents. Those ones are also with our legal team now, and then we’ll be getting the revised versions in your hands as soon as we can. You’ll be hearing more about this within the next month!

Moving forward

We’ll be announcing our new updates when they get released in the Updates & Changes area of our Community.

We’ll also be communicating to you directly when we have our new Privacy Policy, Terms of Service, and DPAs for you to consent to and sign off on!

As usual, you can always ask us for clarifications, or more information, via the Help → Chat With Us option within your Cliniko account.

Author information

Clint is one of our rockstar support team. He's pretty awesome but hasn't written us a bio for this profile, and we have to hit a 140 character limit.
