Posts Categorized: GDPR

GDPR Myths and Questions #4 – Explicit Consent

Why we don’t think explicit consent is necessary. There are some sources advising osteopaths that they must get patients to sign that they can give you their health data. At Mint we think that obtaining explicit consent for collecting health data is unnecessary (and so does the Information Commissioner’s Office) and here is why: Explicit consent is not appropriate for health data because it is not possible for patients to withdraw consent. If a patient does not consent to their data being processed in the clinic, the osteopath is unable Continue Reading »

GDPR Myths and Questions #3 – Consent and Lawful basis

You need to identify the lawful basis you are using for processing someone’s personal data – i.e. your justification for processing that data. There are 6 different lawful bases that you may use, for any given set of data. One of these is consent, but there are others too – e.g. ‘contract’ (valid if someone’s personal data needs to be processed to fulfil your contractual obligations, or because they’ve asked you to do something before entering into a contract, such as provide information). This is completely separate from your consent Continue Reading »

GDPR Myths and Questions #2

Another GDPR question and a concern. To encrypt or not to encrypt? A question has been raised whether passwords are sufficient or do you need to encrypt your computers and phone? I think I would first of all wind back a bit and ask whether you have secure passwords on all your devices? If you don’t, then that is your first plan of action. There are detailed arguments for and against encryption but I would make sure you have good security in place anyway before you even begin to consider Continue Reading »

GDPR Myths and Questions #1

This is the start of a weekly series of blog posts answering some of your questions and addressing some of the myths around GDPR. I’ll be posting some memes and a brief video on Facebook each week too, summarising this information. So let’s get straight to this week’s items: 1) Yes you do have to comply with GDPR – 25th May 2018, the law comes into force for everyone. I’ve seen people quote part of the GDPR stating that because we have less than 250 people in our organisations we Continue Reading »