Navigating the GDPR labyrinth

In the latest General Data Protection Regulations, the question of ‘consent’ has caused confusion and frustration. Jane Braithwaite and Karen Heaton reveal medical practices did not properly understand whether they were required to ask patients for their consent for certain processing activities or how to do so.

In the medical sense, ‘consent’ is very clear. But in the latest EU General Data Protections Regul­ations (GDPR), the question of consent has been one of the most confusing and frustrating issues to come to terms with.

How many emails did you receive in the run-up to the GDPR deadline about ‘opt-ins’ for marketing or just ‘opt-ins’ in general?  

Our experience is that medical practices and businesses in general really did not properly understand whether or not they were required to ask patients or clients for their consent for certain processing activities or how to do so.  

On a personal level, it was a very useful opportunity to clear out unwanted junk email and compel organisations to take unsubscribe requests seriously. This had clearly not been the case in the past.

But were all these emails about consent necessary? 

Well, that depends on a number of factors: 

 The lawful basis you have for processing an individual’s data; 

 How you received an individual’s data; 

 What you have told individuals – patients, clients or employees – about how your practice handles their personal data.

LOGIN OR REGISTER TO READ MORE……………