On 1st January 2021 the UK GDPR legislation came into force, reflecting the importance of data protection in an increasingly digital world. It is important for the Academy for Healthcare Science (AHCS) that the personal information of registrants, our partners, our customers and our own staff is handled in accordance with GDPR.
The new regulation replaces the existing patchwork of directives and national legislation and brings a degree of long-anticipated consistency to the data protection landscape in Europe.
GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability. GDPR also introduces a risk-based approach that enables innovation and participation in the global digital economy while respecting individual rights.
The AHCS is committed to protecting and respecting personal data, no matter where it is from or where it flows.
What has the AHCS done to be GDPR Compliant?
As Data Controller we are responsible for complying with the relevant requirements under the GDPR in respect of the personal data that we hold in connection with all contractual relationships. As part of our continuous focus on information security and data privacy we have undertaken a managed programme of activities in the following areas:
- Policies and procedures
- Information Security
Reviewed and improved our information security framework, ensuring that incident response processes remains effective and that confidentiality, integrity and availability of personal information is assured through appropriate technical and organisational measures
- Information Governance
Mapped our data and identified what we have, what we are doing with it, where it is, where it flows, and who has access to it. We classify data based on risk and sensitivity in context.
- Privacy by Design
Integrated data protection, privacy, and security requirements into our system, project and development methodologies.
- Third party management
AHCS has ensured that its partners and suppliers are best able to meet their obligations with respect to data privacy and establishing transparent arrangements through appropriate information sharing agreements.
Our data protection governance arrangements and privacy approach ensure that our operations are subject to continuous review to maintain alignment with GDPR.
The AHCS contracts out a number of functions which require it to share limited personal data with the companies concerned. The sharing of such data is strictly controlled according to necessity and always in compliance with GDPR. Organisations which support the work of the AHCS in this way are themselves contractually required to comply with GDPR in where appropriate to the data concerned particularly in relation to the use of sub processors and are also required to co-operate with any audits and inspections required by the AHCS.
You will find more detailed information about how we look after your personal data when you visit our website and use the registration system (regardless of where you visit from) and about your privacy rights and how the law protects you in our Privacy Notice.