The new EU General Data Protection Regulation (GDPR) came into force in May 2018.
In addition to the questionnaire from the Bavarian State Office for Data Protection Supervision, the questionnaire from the State Office for Data Protection in Mecklenburg-Western Pomerania is now intended to help medical practices in particular to implement the new regulations.
The questionnaire shows in 6 chapters how far the medical practice has come so far with the implementation of the GDPR.
Above all, however, the questionnaire shows which points the medical practice should rework.
Questionnaire deals with all central topics of the GDPR
The questionnaire from the Mecklenburg-Western Pomerania state office deals in detail with questions about the implementation status of the central topics of the GDPR.
In particular, the questionnaire informs the medical practice about the permissibility of data processing.
The need for a data protection officer is also underlined, whether by training one of the company’s own employees as a data protection officer or by appointing an external data protection consultant.
Questionnaire for more transparency in the GDPR
The questionnaire from the Mecklenburg-Western Pomerania state office also draws the attention of medical practices to the possibility of data protection by design.
It is particularly important for a medical practice to use pseudonymization or encryption procedures when processing data records.
The retention period also plays a fundamental role in the GDPR, which has now come into force.
It is also very important for a medical practice to document all security measures, especially those taken to protect patient data.
Medical practices are to be helped with implementation
The questionnaire also focuses on dealing with risks and responsibility in difficult cases.
In a particularly comprehensive section, the questionnaire refers to the requirement for transparency in data processing vis-à-vis the patient.
According to the Mecklenburg-Western Pomerania state office, the questionnaire is intended to provide medical practices and the state office itself with an initial overview of how the GDPR is being implemented locally.
At the same time, this should help the state office to assess the need for advice and provide more detailed information on certain topics.
Legal assistance recommended
However, the questionnaire is not only intended to help with implementation.
Rather, it gives the medical practice concerned an idea of what an audit of compliance with the GDPR could look like.
Of course, the questionnaire does not cover all important points in the necessary depth.
It is therefore recommended that all medical practices seek support from data protection consultants during implementation.
This will ensure that all new requirements are observed and that there are no gaps in this area.