GDPR - GPC - Blog 16
16 Blog Sixteen, Those you employ
Its not just the patients! As GPs some of us are running the businesses and that means employing staff we have GDPR to think about as employers. Our staff, the doctors, nurses, managers, receptionists and typists as our DSs too. They have rights too. Their rights need to be observed.
What are those rights?
Well as with everything else in GDPR your rights are linked to the lawful basis for processing, for instance if your data is being processed under consent you do not have the right to object to processing, there’s no point, you just withdraw your consent. If your data is being processed according to a legal obligation, you can object but its not guaranteed. If you give data to a DC you can have it back in a portable format, but only if you supplied it to the DC personally, and or it was consented freely and or it was processed by automated means.
So our employee data is held for legal reasons, CQC and HMRC to name but two?
So consequentially our employees rights under GDPR are…..
the right to be informed directly and via Privacy Notices
the right of access, SARs and TSARs
the right to rectification of incomplete or erroneous data
and the right to request a block on processing during rectification
but other rights do not apply
the right to be forgotten, HMRC, forgotten, wouldn’t we all!
the right to data portability, no, not if we are processing the data under a legal obligation.
And that’s it
Well that is short. I reckon by now you will be pretty up to speed on GDPR things general and specific so no need to dive too deeply in this blog. Its now 2:40 am and I have one more to write, Blog 17 Consent, wish me luck, with a bit it will be there by 9am 16/4/18.
Dr Paul Cundy
GPC IT Policy Lead
16th April 2018