GDPR are you ready?

Like many businesses in the UK & Ireland we are sorting out our policies, procedures and staff awareness ahead of 25 May 2018 when the General Data Protection Regulation (GDPR) comes into force.

Some people have said its like Y2K all over again, probably meaning that its a whole lot of noise and come 26 May 2018 we will all wonder what it was all about.  OK, that's one point of view and whilst we can empathise, here at HCB Group we fully appreciate the need to keep personal information secure with relevant access for those that require it.  Simply put, data protection should be a key and critical component of doing business in the 21st century.  We have all seen the headlines in the press and on TV about the latest hacking attacks and data breaches.

The internet was in its infancy when HCB Group was founded but even in the early days when we all used dial up modems and then waited for what seemed ages for the web page to load, stories started to appear about the need to secure information.  Hopefully we are long past the time when the most common password being used was in fact "password".

We have launched our GDPR readiness page on the HCB Group website, for those who want to see what actions we are taking in order to be compliant, click here to find out more.

HCB Group - General Data Protection Regulation Statement

Health Claims Bureau Limited (trading as HCB Group), its directors and staff are fully committed to protecting and respecting the privacy of individuals, and take our obligations under data protection legislation seriously.  We understand and welcome the high standards that GDPR will promote and encourage across all organisations that process personal data.

In order to ensure our readiness for GDPR, we have in place a project team which, has the following key priorities:

• Modify and fine tune our existing management systems, processes and policies to ensure that we are GDPR-compliant.
• Ensure that our employees, medical staff and consultants are fully aware of the new obligations that GDPR will introduce, and ensure that there is accountability and shared responsibility for ensuring compliance, from Board level and throughout the Group.
• Provide a range of products and services to our customers to assist them in preparing for GDPR, including specific support to those who use our technological solutions (such as our specially configured data-capture software), to ensure that such solutions are compliant.

We have used the information and support of both the Information Commissioner's Office (ICO) in the UK and the Data Protection Commissioner in Ireland in order to ensure that we are putting the correct structures in place

If you are just getting started with GDPR compliance, here's an aide memoir to help you get underway.

• Create a data privacy team to oversee GDPR activities and raise awareness
• Review current security and privacy processes in place & where applicable, revise your contracts with third parties & customers to meet the requirements of the GDPR
• Identify the Personally Identifiable Information/Personal data that is being collected
• Analyze how this information is being processed, stored, retained and deleted
• Assess the third parties with whom you disclose data
• Establish procedures to respond to data subjects when they exercise their rights
• Establish & conduct Data Privacy Impact Assessment (DPIA)
• Create processes for data breach notification activities
• Continuous employee awareness is vital to ensure continual compliance to the GDPR