GDPR is the most important change in data privacy protection for 20 years. It will reshape the way organisations approach data handling, and give individuals more rights over information held about them, particularly around access to it and control over how their information is used.
The Data Protection Bill, currently going through parliament, will seek to ensure that post-Brexit the UK is able to guarantee adequate data protection so that the free flow of data between Britain and the EU can continue.
As well as having profound implications for health care providers, the GDPR will affect organisations like the RCN, which process thousands of interactions and transactions every day, generating vast amounts of information. Under the GDPR, breaches could result in fines of 4% of annual turnover, up to £17 million.
Breaches could result in fines of 4% of annual turnover, up to £17 million
The RCN online training package will equip you with the knowledge and skills you need to ensure you are GDPR-compliant.
The training is vital: members trust the RCN to manage their personal data safely and to use it only in ways they have agreed to.
Top ten tips for GDPR
- Know what data you have and why you have it. If you don’t need it, delete it.
- Don’t keep stuff just because it might be useful. Delete old emails and folders you no longer need.
- Don’t use your work email for RCN business. If you don’t have an RCN email address, set up a separate, easily identifiable email address in Hotmail or Gmail.
- Complete the RCN online training by 25 May.
- Don’t keep your own member lists. All communication to members should be through the member communications centre (MCC), your branch or local office. If you don’t have access to the MCC, arrange your access and training through your local office and use your branch or local office to send your email communications in the meantime.
- Record all case work on the RCN case management system.
- Use the document viewer on the steward’s portal (see below for more information).
- If RCN work isn’t related to a case, remember it’s still good practice to keep it secure.
- You can continue to use social media groups, but remember these are broadcast mediums so never use identifiable information.
- The fact that someone is a member of the RCN must not be revealed without explicit consent. Being a member of a trade union is classified as a special category of personal data and this is as sensitive as medical records.
The training will give you a comprehensive understanding of the GDPR and should take no more than an hour. Getting it done as soon as possible will help you feel confident in your activity as an RCN rep and will prepare you for any questions members have about how the RCN uses their data.
After the GDPR comes into force on 25 May, new casework will only be allocated to stewards who have completed the online training.
As part of the RCN’s preparations for the introduction of the General Data Protection Regulations (GDPR), we’ve introduced a document viewer on the steward’s portal. When you open the document in the portal it will open in the document viewer rather than as a Word or PDF document, email attachment or uploaded file. This will protect you from accidently downloading and saving any documents to your local drives.
“We’ve introduced the viewer to help keep members’ data secure,” says Jonathan Bowker, RCN Member Representation and Support Programme Lead. “It’s a simple way to prevent sensitive member data from not being password-protected or being stored on local drives that can be used by others, which is a risk which we need to prevent.”
You’ll still be able to search for specific words or terms when using the new viewer.
Find out more
The Information Commissioner’s Office (ICO) has produced a comprehensive guide to the GDPR.
Alongside the guide, the ICO offers details of “12 steps to take now” and a checklist to help prepare for the GDPR.
See also guidance on the GDPR and the NHS on the NHS Digital website.
- Let's be sociable - how social media can help further your reach
- A new community of reps - an RCN initiative valuing the work of reps