The General Data Protection Regulation, or GDPR, is a Europe-wide law due to come into force on 25th May 2018. It will replace the current Data Protection Act 1988. Whilst many of the new legislation’s main concepts and principles are aligned with the current DPA, there are new elements and significant enhancements that strengthen data protection for individuals and also unify it across the European Union.
We have been working on becoming GDPR compliant since December last year. As an organisation handling very sensitive health data, we have always taken the handling and protection of that data extremely seriously. We feel the improvements required are fewer for us than they would be for those in other industries. We have reviewed and are following the Information Commissioner’s Office guidelines for implementing GDPR. The activity to date has been to
We are currently:
We have been conducting due diligence on our third-party suppliers regarding GDPR and are monitoring their statements regarding progress towards compliance. We are using a CREST-certified penetration testing company to test our proprietary platforms.
ToHealth are fully committed to implementing full GDPR compliance by 25th May 2018. ToHealth continue to maintain high standards in data privacy and protection and meet our obligations under the existing Data Protection Act. ToHealth are compliant with the strict information governance and security requirements for connection to the NHS network (N3) and have passed the annual assessment for the last 7 years. As part of our ongoing activity to incorporate GDPR requirements into our security programme, we are reviewing our current processes and procedures and updating them where necessary. We expect the review and any subsequent actions to be complete by May 2018.