The General Data Protection Regulations implemented when the UK was a member of the EU are seen by many as an example of that body’s excessive regulation of business activity and lead to unnecessary bureaucracy when collecting, storing and utilising personal data.
But, like so many stories about EU regulation much of the concern about GDPR is based on myth. Like Health and Safety legislation, it is sometimes seen as a barrier to activities rather than a means to ensure that activity is carried out in a safe way, based on a clear understanding of the risks and action to mitigate those.
What the regulations try to do is to ensure that any organisation that collects and uses data does so safely, securely and with the subject’s permission.
When it comes to sharing data between organisations providing health and social care, many of us assume that such data is being shared and would welcome the fact that this means we do not have keep repeating our key information to the range of professionals who may be involved in providing our treatment and care.
But what if your GP practice decided to increase its income by selling your data to private health insurers?
What the GDPR does is to ensure that you are given information about what information about you will be collected, what purpose(s) it may be used for and how long it will be stored for. Where data may be shared with another organisation you must be told when and how this may happen.
Data has the potential to do make positive differences to the services we provide and receive but in the wrong hands it may present real threats to our safety and wellbeing.
As a provider of business services, I may sometimes be irritated by the requirement to comply with GDPR but as a private individual and recipient of services, I find it reassuring that those who collect data about me cannot use it in ways of which I am ignorant and to which I have not given my consent.
Let us hope that the Government balances it’s desire to free businesses from unnecessary burdens with a continued commitment to protecting our sensitive data.