Here is a summary of the new law:
There is an increased territorial scope – GDPR rules apply to all companies that process personal data of people residing in the EU, regardless of the company’s location.
We must give you more detailed information when you are collecting their personal data. There are new regulations for gaining consent to collect personal data. Both consent and explicit consent now require clear affirmative action.
We must delete data that we are not using for its original purpose.
Individuals can revoke their consent to data processing at any time, and it must be easy for them to do so.
If companies do not comply with the GDPR, they could face fines of up to 4% of total global annual turnover for the preceding financial year.
We have adapted our privacy policy online, and created a new page on our patient manager system making our clinical staff ask you precise questions about how we store and use your data. This will mean you being asked to click on a few tick boxes when you start dealing with us – and we will seek your permission again every 24 months.