6. What safeguards are in place to ensure data that identifies me is secure?
I only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector, I also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. I will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
I also ensure the information I hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). I ensure external data processors that support me are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
I am registered with the Information Commissioner’s Office (ICO) as a data controller and collect data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).