New European data regulations and privacy
The CZ law changed on the 25th May 2018 and, if you are in the CZ or anywhere in Europe, you have probably received several emails about the new EU General Data Protection Regulation (GDPR).
Nothing is changing about the way your information is processed. I have just improved the way I describe my practices.
My interest is in working with clients, families and children, and that is where my passion remains. I may run courses and inform you of this from time to time, and I may remind you of my practice dates from time to time.
Data protection policy
Scope of the policy
Why this policy exists
This data protection policy ensures that Dr PSG:
• complies with data protection law and supports good practice
• protects the rights of clients
• is open about how he stores and processes clients’ data
• protects himself from the risks of a data breach
Data protection principles
The General Data Protection Regulation identifies 8 data protection principles.
1. Lawful, fair and transparent data processing
Dr PSG requests personal information from clients and potential clients to consult with them and provide them with advice and guidance on homeopathic treatments. Clients should be asked to provide consent for their data to be held, and a record of this consent, along with client information, will be securely held. Clients can, at any time, remove their consent by writing to Dr PSG by post or email, should they wish to do so.
2. Processed for Specified, Explicit and Legitimate Purposes
If requested, clients will be informed how their information will be used and Dr PSG will seek to ensure that clients’ information is not used inappropriately. Appropriate use of information provided by clients includes:
• Communicating with clients in order to make, change or cancel consultations
• Assessing the conditions and issues reported by clients and devising and prescribing appropriate remedies and therapies.
Dr PSG will ensure that clients’ information is managed in such a way as not to infringe an individual’s rights which include:
• The right to be informed
• The right of access
• The right to rectification
• The right to restrict processing
• The right to data portability
• The right to object.
3. Adequate, Relevant and Limited Data Processing
Dr PSG’s clients will only be asked to provide information that is relevant to support consultations and prescription. It includes:
• Date of birth
• Postal address
• Email address
• Telephone number
• Medical history and the client’s personal health story.
• Relevant close family information
• Information related directly to the homeopathic choosing of remedies
There may be occasional instances where a client’s information needs to be shared with a third party due to an accident or incident involving statutory authorities. In these instances, where Dr PSG has a substantiated concern and it is in the best interests of the client or of Dr PSG, consent does not have to be sought from the individual.
4. Accuracy of Data and Keeping Data up to Date
Dr PSG has a responsibility to ensure that clients’ information is kept up to date. Clients will be expected to let Dr PSG know if any of their personal information changes.
5. Accountability and Governance
Dr PSG is responsible for ensuring that his practice remains compliant with data protection requirements and that he can provide evidence of this. For this purpose, those from whom data is required will be asked to provide written consent. The proof of this consent will then be securely held as evidence of compliance.
6. Secure Processing
Dr PSG has a responsibility to ensure that data is both securely held and processed. It includes:
• using strong passwords for information held within computer systems
• using password protection on laptops and PCs that contain or access personal
• using password protection or secure cloud systems
• providing adequate virus-protection and firewall software to secure computer-based
7. Subject Access Request
Dr PSG’s clients are entitled to request access to the information that is held about them. The request must be made in writing to Dr PSG. On receipt, the request will be formally acknowledged and dealt with within 21 days unless there are exceptional circumstances as to why the application cannot be granted. Dr PSG will provide a written response detailing all information held on the individual, and a record will be made of the request and the date of the answer.
8. Data Breach Notification
Were a data breach to occur, action shall be taken to minimise the harm. Dr PSG will inform any clients where he believes their personal information has been compromised. Where necessary, the Information Commissioner’s Office will be notified.
If a client contacts Dr PSG to say that they feel that there has been a breach by Dr PSG, he will ask the client to provide an outline of their concerns. If the initial contact is by telephone, Dr PSG will ask the client to follow this up with an email or a letter detailing their concern. The concern will then be investigated thoroughly, and a response made to the patient. Breach matters will be subject to a full investigation and recorded, and all those involved will be notified of the outcome.
Policy review date: Every three years
identity of, an individual.
What personal information do I collect?
In order to treat you, I will ask you to provide certain information. It includes:
• Date of birth
• Home address
• Email address
• Telephone number
• Medical history
• Your story
To this, over time, I will add details of the conditions for which you have consulted me and the remedies and other therapies that I have prescribed or recommended.
How do I collect this personal information?
All the data collected is obtained directly from you. It is usually at the point of your initial consultation. The data is collected at the initial and subsequent meetings. I will also request that you provide consent for me to store and use your data. Your consent is required to ensure my compliance with data protection legislation. Subsequently, I will add to this initial information with details of the consultations you hold with me.
How do I use this personal information?
I use your personal information to analyse the conditions for which you have consulted me and to prescribe remedies and other therapies. I will communicate with you by email, other digital methods, by telephone and by post.
With whom do I share your personal information?
I do not share your personal information unless you ask me to.
How long do I keep your personal information?
I need to keep your data for as long as you continue to consult me. Since patients often return for more consultations after a period of absence, I will keep your information for nine years after your last meeting. In the case of children, the requirement is until nine years after their 18th birthday, i.e. 27 years old. At that point, any digital information will be erased from my computer and backup systems.
How your information can be updated or corrected
To ensure that I have accurate and up-to-date information, you need to inform me of any changes you believe I should make to the personal information I hold. You can do this by contacting me by any of the methods previously described.
Under data protection legislation, you have the right to inspect the personal information I hold about you. You can request to do so by contacting me, and I will endeavour to respond within 21 working days.
How do I store your personal information?
My patient files are only in electronic format. I take steps to protect your personal information against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification.
Your email address, if you have one, is held securely on the servers of my email providers.
Changes to this policy
This policy may change from time to time. If I make any material changes, I will make you aware of them.
Contact
If you have any queries about this policy, need it in an alternative format, or have any complaints about my privacy practices, please contact me:
Policy review date: Every three years.