General data protection regulation

At Clanwilliam Health we have spent the last two years preparing for the General Data Protection Regulation (GDPR) to make sure that all of our data processing is compliant with the new regulations.

What is the GDPR?
The new General Data Protection Regulation (GDPR) comes into effect on the 25^th May 2018. The GDPR has been designed to protect how the personal data of EU citizens are collected, processed and stored. GDPR covers a range of individual rights including the right to be informed, to have access and to rectify personal data, as well as valid lawful basis for processing data including consent and legitimate interest. For more information on GDPR please visit the Information Commissioner’s Office (ICO) .

Data Processing Agreements
In order to comply with the GDPR and the Data Protection Act, we have created a Data Processing Agreement (DPA) for our customers.

Under GDPR, Clanwilliam Health is a data processor (processing personal data on behalf of the controller), and our customers are data controllers (determines the purposes and means of the processing of personal data). The processing of personal data is governed by a written contract as part of GDPR. Our DPA agreements include:

• The standard contractual clauses required by GDPR.
• Details of the organisational and security measures that Clanwilliam Health undertakes in order to seek to safeguard the data processed by Clanwilliam Health.
• Restrictions insofar as we will only process data in accordance with the written instructions of our customers, as data controllers.
• Details of how we will process our customers’ data in order to ensure that we meet our GDPR compliance requirements.
• The rights of our customers, as data controllers, to audit, inspect or retrieve data that is processed by Clanwilliam Health on their behalf.

How does RxWeb prepare our customers for GDPR?
RxWeb is a Patient Medical Record (PMR) system used for dispensing and clinical services for pharmacies and dispensing practices across the United Kingdom. RxWeb will process millions of patients’ personal data every single day; therefore, it is essential that our system is secure and safe. As the only web-based PMR system in the UK, RxWeb provides its customers to anytime, anywhere access to that data.

We understand that GDPR may cause a burden on our customers and we want to make sure we are following the correct processes and procedures to give our customers peace of mind. That is why we strive to follow all the GDPR guidelines and rules and will pay close attention to any changes within the law to adhere by these. RxWeb is also ISO 27001 certified which means our information risk management processes meet the best practice and have been independently checked and approved by an accredited auditing body.

Internal Procedures and Policies
Clanwilliam Health conducted a gap analysis in 2016 when GDPR was announced to ensure that our product, RxWeb, and other products within the business would be compliant with the new regulations. We launched a staff awareness campaign which utilises a GDPR management system to ensure that all staff received GDPR training and updates on the work we were doing. The training provides an audit functionality allowing us to make sure that all members of staff have completed all necessary training.

We also conducted a risk analysis across all of our data touchpoints, which allowed us to address and resolve any potential risks in advance of the GDPR deadline. We have encrypted all devices within the company to guarantee their security in the case of theft or loss. Clanwilliam Health have also signed Data Processing Agreements with all of our sub-contractors and suppliers to make sure that they are GDPR compliant.

Furthermore, we have looked at our marketing tools and techniques to make sure that they are GDPR compliant. On our websites, we introduced new privacy statements, a revised cookie policy and opt-in checkboxes for all contact forms, as well as an opt-out link in all of our email communications.

Clanwilliam Health have also recently appointed a full-time Data Protection Officer (DPO) who will be managing our compliance going forward. At Clanwilliam Health, we are fully committed to being GDPR compliant and we will continue to monitor any developments in the regulations and address them accordingly.

RxWeb is a Clanwilliam Health product.