General Data Protection Regulation (GDPR) 

The General Data Protection Regulation (GDPR) comes into effect on May 25th 2018.

The purpose of the Regulation is to ensure transparency, security and accountability by data controllers and to strengthen the rights around data privacy.

While the new Regulation will bring increased responsibilities, many of the concepts and principles of GDPR are much the same as existing data protection regulation and much of your current approach to data retention will remain valid under GDPR.

However it is important to stress that GDPR does introduce new elements and enhancements which will require detailed consideration.

A significant amount of material has been published to help guide people in meeting their obligations.

The ICO would like to highlight a number of guides to our members that include step-by-step advice on how best to prepare:

  1. This is a link to the website published by the Data Protection Commissioner. It has a very useful 12 step guide.
  2. A 'Guide for Preparing your Organisation' includes a very useful template to help you work through the various aspects of the regulation.
  3. The following document details the regulation and steps to ensuring you are compliant:
  4. The MPS has published guidance, found at this link:
  5. This link to information published by the RCSI provides guidance as to how individual practitioners could ensure that their private practice is compliant with the regulations. The guidance draws heavily on the work of the Data Protection Working Group of the ICGP who have produced an excellent set of guidelines as a service to GPs and their patients. 
  6. The following link, available through Vision 2020 e-resource, provides an overview of Medical Legal Aspects in Ophthalmology (Irish Law having its own implications)