
GDPR Practices / Surgeries / Therapy Checklist

GDPR practices for practices, surgeries and therapists.
GDPR is an EU law on data protection and privacy for all EU citizens, which went into effect on May 25, 2018.
This checklist helps you think about how you need to handle clients' personal data. Personal data is defined as any information related to a person that can be used to directly identify them. This includes anything from a name, photo, email address, bank details, medical information, or even a computer IP address.
Understand your General Data Protection Regulation Compliance Responsibilities.
Other website legal pages might be needed; check out our website legal pages checklist.
*GDPR (General Data Protection Regulation)
GDPR Practices Checklist

Consent Noticeable
Make the request for consent noticeable.

Easy to Understand
Use clear, plain English so that it is easy to understand.

Explain Reason
Inform the patient why you need the data and what is going to happen with it.

Options Available
Give options for consent to different purposes of data use and processing.

Who Has Access
Specifically name the practice and any other third parties (people or businesses) who will use the data once consent is given.

Withdrawal of Consent
Inform the patient they can withdraw consent at any time.

Process of Withdrawal
Make the process of withdrawal clear and easy.
Any withdrawal of consent must happen as soon as possible.

Refresh Consent
Have a process to regularly review and refresh consent.
Update patients on processing and purposes of data use.

Not Condition of Service
Do not make consent a precondition to service.
Do not use pre-ticked boxes.