On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force, reflecting the importance of data protection in an increasingly digital world. It is important for the Academy for Healthcare Science (AHCS) that the personal information of registrants, our partners, our customers and our own staff is handled in accordance with GDPR.
The new regulation replaces the existing patchwork of directives and national legislation and brings a degree of long-anticipated consistency to the data protection landscape in Europe.
GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability. GDPR also seeks to introduce a risk-based approach that enables innovation and participation in the global digital economy while respecting individual rights.
The AHCS is committed to protecting and respecting personal data, no matter where it is from or where it flows.
What is the AHCS doing to be GDPR-ready?
As Data Controller we are responsible for complying with the relevant requirements under the GDPR in respect of the personal data that we hold in connection with all contractual relationships. We are taking steps to ensure that we meet these requirements by 25 May 2018.
As part of our continuous focus on information security and data privacy we are getting ready for GDPR through a managed programme of activities in the following areas:
- Policies and procedures
- Information Security
Reviewing and improving our information security framework, ensuring that incident response processes remains effective and that confidentiality, integrity and availability of personal information is assured through appropriate technical and organisational measures
- Information Governance
Mapping our data and identifying what we have, what we are doing with it, where it is, where it flows, and who has access to it. We classify data based on risk and sensitivity in context.
- Privacy by Design
Integrating data protection, privacy, and security requirements into our system, project and development methodologies.
- Third party management
Ensuring that the AHCS’s partners and suppliers are best able to meet their obligations with respect to data privacy and establishing transparent arrangements through appropriate information sharing agreements.
Our data protection governance arrangements and privacy approach will ensure that our operations are subject to continuous review to maintain alignment with GDPR. As we complete our preparations the information provided here will be updated periodically.
You will find more detailed information about how we look after your personal data when you visit our website and use the registration system (regardless of where you visit from) and about your privacy rights and how the law protects you in our Privacy Notice .