The Veterinary Practice Management Association (VPMA) has published its ten top tips for practices to become compliant with the new General Data Protection Regulation (GDPR) rules coming into force in May 2018:

  1. What data are we talking about?
    The data that will need to be protected will be that of your clients and your staff; clinical data about pets is exempt. The GDPR will apply to the STORAGE, PROCESSING and SHARING of this data.
  2. Get 'positive consent'
    Wave goodbye to opt-out boxes or pre-ticked options etc. Clients will now need to give ‘positive consent’ and actively tick ‘opt-in boxes’ or they can give verbal consent.  So, make sure you have this before sending out any practice marketing material or vaccine reminders. Don’t forget to record and store it and keep it up-to-date.
  3. Be transparent
    Your clients will have the right to know exactly what their data is being used for, what your lawful reason for processing data is, and how long you will keep it.
  4. Provide access to data
    The new legislation means that clients can request an electronic copy of their records at any time. So, say farewell to paper copies and make sure you have a system in place where records will be in an electronic format and easily accessible. You also need to make sure you can achieve this within the required timeframe (one calendar month).
  5. It's not all about you
    You will also need to take responsibility for those whom you share your clients’ data with (e.g. laboratories, debt-collectors, external HR etc.).  Make sure that you are happy that they will be complying with the new legal requirements and have the necessary systems in place to provide data protection compliance.
  6. Uh oh, something has gone wrong
    Don’t panic. You just need to notify the ICO within 72 hours of the data breach. So, make sure everyone in your team is aware of this and that they're ready to flag any breaches they notice ASAP.
  7. Take responsibility
    Someone in your practice will need to be elected to be responsible for all data protection compliance. This person will need to stay up to date with legislation and regularly review the effectiveness of the data handling, processing and security in place at your practice.
  8. Stay secure
    Make sure that all your data is securely stored, by ensuring that your anti-malware is up to date, you have a firewall in place, passwords are regularly updated, and any cabinets used to store records are locked and that the key is kept somewhere separate and secure.
  9. Still confused?
    Don’t panic, you can find detailed guidance and toolkits to help get you on the right track at https://ico.org.uk/for-organisations/resources-and-support/ and https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.
  10. Got a burning question?
    Just given the ICO SME helpline a call on 0303 123 1113, option 4, and they will be happy to help. 

The recording of the VPMA’s GDPR webinar with the Information Commissioner's Office has been made available to the veterinary profession to help practices get ready for the 25th May 2018, when the new regulations come into force.

For access to the webinar, email: secretariat@vpma.co.uk

PS: Whilst you're here, take a moment to see our latest job opportunities for vets.