GDPR Practices / Surgeries / Therapy Checklist

GDPR practices for practices, surgeries and therapists.

GDPR is EU law on data protection and privacy for all EU citizens which went into effect May 25, 2018.

Checklist to helps you think about how you need to handle clients personal data. Personal data is defined as any information related to a person that can be used to directly identify them. These include anything from a name, photo, email address, bank details, medical information, or even a computer IP address.

Understand your General Data Protection Regulation Compliance Responsibilities.

There are other website legal pages that might be needed check out our website legal pages checklist.

*GDPR ( General Data Protection Regulation)

GDPR Practices Checklist

Consent Noticeable

Make the request for consent noticeable.

Easy to Understand

Use clear, plain english so easy to understand.

Explain Reason

Inform the patient why you need the data and what is going to happen with it.

Options Available

Give options for consent to different purposes of data use and processing.

Who Has Access

Specifically name practice and any other third parties people or businesses who will use thethe data from giving consent.

Withdrawal of Consent

Inform the patient they can withdraw consent at any time.

Process of Withdrawal

Make the process of withdrawal clear and easy

Any withdrawal of consent must happen as soon as possible

Refresh Consent

Process to regularly review and refresh consent.

Update patients of processing and purposes of data use.

Not Condition of Service

Do not make consent a precondition to service

Do not use pre-ticked boxes

GDPR Practices / Surgeries / Therapy Checklist