What GDPR Means for Healthcare Organisations
“Healthcare organisations should already be doing 70-75% of the points outlined in the GDPR” – Dawn Monaghan, Head of Data Sharing and Privacy (NHS England), Head of Strategic IG (NHS Digital) and Director Information Governance Alliance.
Healthcare Associations, including the NHS, are the data controllers and are responsible for ensuring the security and appropriate handling of very sensitive data. Where UK citizens’ data is treated in ways that individuals would reasonably expect and that have a minimal impact on privacy, implied consent for direct care can be used as the lawful basis for processing, for example a GP sharing patient data with a consultant.
If a healthcare organisation intends to use the data for other purposes, such as marketing, then formal consent may be needed. This consent must be expressly confirmed in words, and a record must be kept to evidence who consented, when, how and what they were told.
Under the Right to be Informed, the individual will need to know how their data will be processed. This information should be concise, intelligible, easily accessible, free of charge and written in plain language; it is therefore recommended that it is included within your privacy policy. It should also explain how the data subject can withdraw consent.
Processing Live Chats under GDPR
Click4Assistance is a data processor, meaning your organisation as the data controller will retain ownership of your data.
The solution is developed and hosted within the UK on Click4Assistance-owned servers. Security by design is deep-rooted within the system and is reflected within our security policies; therefore any data processed or stored is never transmitted outside of the UK.
Functionality within the solution also enables compliance with the rights outlined under GDPR. Under the right to be informed, your privacy policy should include information about the data that may be collected using the chat for website system. This can contain name, email address, customer number etc. and should also mention the use of cookies to enable the communication tool.
The Click4Assistance solution is fully customisable, allowing any link, such as your privacy policy, to be added to the chat window. This means that visitors can easily access the information at any point during the chat session. A checkbox can also be included on the visitor-facing windows, enabling individuals (the data subjects) to share their consent where necessary; alternatively, a statement can be provided during the chat. These will be stored against the chat record and can be used as evidence.
The rights of access and to data portability give consumers the power to request their personal data and supplementary information to use for their own purposes. The right to erasure (the right to be forgotten), by contrast, outlines that the data subject can request that their data is deleted when there is no compelling reason for continued processing.
Administrators with authorised permissions can easily search stored data within the system, using various filters to identify the relevant record(s). This allows them to export the data in readable formats (PDF, Excel, CSV), email it directly to the data subject or delete records.
Click4Assistance ensures we comply with GDPR when processing data to help you provide a secure service to your online visitors. For further advice regarding data protection and the new regulation contact our team on 01268 524628.
We have been supplying chat for website software for over 10 years; our customers include NHS National Services Scotland, CWP NHS and BMI Healthcare. For more information on their implementations and how the communication channel can benefit your organisation, email