GDPR (& BREXIT)

Find out more

GDPR after BREXIT

On 28 June 2021 the EU issued a GDPR adequacy decision confirming that the UK provides adequate protection for personal data transferred from the EU to the UK. This decision lasts until June 2025.

This means that the way KQH ensures compliance with GDPR continues to be effective for all EU data.

What is GDPR?

The General Data Protection Regulation came into force on May 25th 2018
It is the new legal framework for dealing with personal data of EU residents
All those who process personal data of EU residents will be required to demonstrate that they comply with GDPR
As we deal with data as part of our business, particularly health data (sensitive) and sometimes patients (vulnerable) it is especially important for KQH to understand and comply fully with GDPR

Key Changes

GDPR applies regardless of which country you are based in – Anyone who is collecting, storing and processing the personal data of EU residents is required to comply

There is an expanded definition of personal data – anything that contributes or links to identifying an individual will be included

Greater liability – for both Data Controllers and Data Processors. Higher fines for non-compliance – up to 4% of global turnover of €20 million

Risk based accountability – Contracts, Privacy Notices, Risk Assessment and Record Keeping need to be updated to comply

New and strengthened individual rights – including the Right of Access, To Be Forgotten and Data Portability. We have to promote these rights to the individuals on whom we hold data

How KQH has ensured compliance

Completed full audit of our data processing
Actioned amendments to procedures, forms and contracts as needed to mitigate / reduce risk
Embedded privacy by design and default into all our projects
Appointed a DPO (Data Protection Officer) whose role is to ensure data protection compliance
Trained all directors and staff on implications of GDPR
Registered with the ICO, who will be our lead data protection supervisory authority