The implementation of GDPR

You may have recently been hearing a lot of talk about the General Data Protection Regulation (GDPR), but what exactly is it? And what will it mean for Radiology departments and the NHS in general? The GDPR is an EU regulation that will become enforceable on the 25th of May 2018, and it’s all about data protection and protecting the privacy of all citizens within the EU and EEA. The GDPR aims primarily to give EU citizens more power over their personal data, which is a hot topic in the news at the moment after the recent Facebook scandal. According to the GDPR, all personal data must be stored using full anonymisation, and the highest privacy settings must be maintained at all times. No personal data can be processed without the owner’s consent, and the owner of the data has the right to get the data deleted in certain circumstances. The data owner also has the right to ask for a portable copy of their data in a common format. If organisations fail to meet these standards, heavy fines can be imposed.

Recent research has claimed that the NHS is underprepared for the upcoming changes. According to reports, 46 Trusts around the country have spent more than £1 million collectively on preparing for the GDPR. This money has been spent on consultancy, secure e-mail systems, software, staffing and training.

There are a few main takeaway points from the GDPR that we need to think about as Radiographers working in a hospital or clinic. We need to know that explicit consent will need to be given before any data processing can occur, that we must gain consent prior to communicating any imaging data, and that we must provide patients access to a portable copy of their personal data.

There are obviously many more obstacles for the NHS and the private sector as a result of the GDPR, but tight regulations are needed when you’re dealing with so many people’s sensitive information. However, there are ways the NHS trusts can invest to make operations run smoothly once GDPR has been implemented. For example, a Radiology department could invest in a machine that deals with automated CD/DVD production, such as the ETIAM MARS, for when a patient requests a portable copy of their records. This machine is specifically designed for distributing patient CDs and securely archiving patient data to DVDs. Upon receiving orders from RIS, the ETIAM MARS can automatically search for associated images and record a disc for that patient. This frees up other staff members’ time and saves them from scrolling through many patients’ examinations.

Only time will tell how the GDPR affects the NHS and our Radiology departments. Will it become another bureaucratic barrier for the overworked NHS, or is it a welcome change to keep all of our data safe?