Data Protection Law

Data Protection Law

 GDPR and Data Protection Act 2018

The General Data Protection Regulation (GDPR) and the new Data Protection Act 2018 (DPA2018) both came into effect on 25 May 2018.

Data protection law applies to personal data held in electronic and paper form – i.e. not just computer records. It therefore applies to all optical businesses/practices. Data protection law does not apply to non-personal data.

Data protection law aims to strengthen citizens’ rights by putting more focus on demonstrating data security and clearer accountability. Both the GDPR and DPA2018 impose higher data protection requirements on those who process special categories of personal data. This includes, among other things, data related to health.

The Optical Confederation has published guidance to help the sector – including optical practices, manufacturers/suppliers/distributors, and employees – understand the new data protection rules and what you need to do. The guidance is in two parts:

  • Part One – What you need to know – provides a basic overview of the new data protection rules and what has changed.
  • Part Two – What you need to do – explains what steps you need to take.

Advice and information is also available from:

Information Commissioner Registration

The Data Protection Act requires every organisation – including optical practices – processing personal information to register with the Information Commissioner for data protection. There is a cost of £35 per year to register, which increases to £500 for companies with a turnover of £25.9 million and more than 249 members of staff.

Information Security Management – NHS Code of Practice

The Information Security Management guide, produced by the Department of Health, details the methods and required standards of practice in the management of information security for people/organisations who work within, under contract to, or in business partnership with NHS organisations in England. Further information regarding Information Security is also available on the Information Commissioners website.