Power Diary and the GDPR (Updated 23rd May 2018)

23rd May 2018

New GDPR Features Implemented

We've released some new features to help you comply with your GDPR obligations.  Here's a quick summary:

‘Right to Access’ and ‘Data Portability’

A new ‘Single Client Data Export’ feature has been added.  This generates a copy of all personal data held in relation to a specific client and enables you to quickly respond to requests under the Right to Access and Data Portability provisions of the GDPR.

‘Right to be Forgotten’

The ‘Delete’ client function has been updated to facilitate the complete and permanent removal of all data related to the client from the active database.

Recording Consent

Client Record:

A new field has been added to the Client Record so that you can record your clients’ consent to collect and manage their personal information.  You can also use this to indicate if consent has been revoked.
Client Portal:

The T&Cs feature has now been expanded to require new clients to agree to your terms and conditions when first creating a profile via your Client Portal.  This will be released on the 24th May 2018.

We hope you enjoy these updates.  If you have any questions please do let us know.

- Damien
30th April 2018

Helping you comply with your EU General Data Protection Regulation (GDPR) obligations
What is the GDPR?

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organisations across the region approach data privacy. All affected organisations will need to comply with the GDPR by May 25th 2018.

Who does the GDPR Affect?

The GDPR applies to all companies or organisations processing and holding the personal data of people residing in the European Union, regardless of the company’s location.  This means that the GDPR applies to most Power Diary account holders that are located in the EU or provide services to people located in the EU.

What is ‘Personal Data’?

The EUGDPR (eugdpr.org) defines personal data as: ‘Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.’

How does Power Diary help you comply with the GDPR requirements?

Power Diary is designed to manage personal information and therefore was built from the ground up with privacy and security in mind. The GDPR refers to this approach as ‘Privacy by Design’, and it means that many of Power Diary’s existing features help you meet GDPR requirements, including:

  • Industry-leading physically and electronically secure data centres
  • Encryption systems to protect data in transit between your computer and the Power Diary servers, as well as to protect your account from unauthorised access
  • User Activity Recording, which logs the actions performed by each user, including the patient files accessed
  • Automated data backup systems
  • Granular, individually customised user access control
  • System-wide security monitoring processes


In addition, we are updating some features to make it even easier to comply with the GDPR.
‘Right to Access’ and ‘Data Portability’

A new ‘Single Client Data Export’ feature is being added.  This will generate a copy of all personal data held in relation to a specific client and enable you to quickly respond to requests under the Right to Access and Data Portability provisions of the GDPR.

‘Right to be Forgotten’

The ‘Delete’ client function is being updated to facilitate the complete and permanent removal of all data related to the client from the active database.  Processes have also been implemented so that, in the unlikely event that data needs to be restored from an archived backup, the deleted client’s data is removed from the restored database as well.

Recording Consent

Client Record:

A new field is being added to the Client Record so that you can record your clients’ consent to collect and manage their personal information.  You will also be able to use this to indicate if consent has been revoked.
Client Portal:

Power Diary already enables you to have your client agree to your custom ‘terms and conditions’ when booking an appointment.  This feature will be expanded to require new clients to agree to your terms and conditions when first creating a profile via your Client Portal.
Behind the Scenes

We are appointing a Data Protection Officer (DPO).  A DPO is a person who works within an organisation and helps ensure its data management processes reflect best practice.

We’re also making a few updates to our Privacy Policy and T&Cs to let you see how we comply with the GDPR when handling your personal data. You’ll be alerted to these changes when logging in from 25th May 2018.


Questions?

We’re here to help.  If you have any questions please let us know - support@powerdiary.com