Practice Manager Issue 17

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

Manager Practice

PRIVACY NOTICE CHECKLIST The GDPR places emphasis on the documentation that data controllers must keep in order to demonstrate accountability. You should document what personal data you hold, where it came from and who you share it with. When you collect personal data you have to give people certain information, and in the context of personnel records you would have to provide that information to all of your employees. The following general checklist will provide a template for doing so. More information could be added if required.

What should be included? • Who is collecting the information (i.e. the name of the data controller and the data protection officer)? Normally the data controller will be the legal entity, which would be the practice name. The data protection officer would be the named person who is the contact for queries; probably the practice manager or an identified GP.

• What personal information do you hold?

• How is the information collected? • Why is it collected? • How will it be used? •

Who will it be shared with?

• What will be the effect of this on the individuals concerned?

•

Is the intended use likely to cause individuals to object or complain?

• What are you doing to ensure the security of personal data?

•

Information about employee’s right of access to their data.

• What is the retention period for the data?

How should the checklist be presented? •

yee data WWW.MDDUS.COM

Use clear, straightforward language.

• Adopt a style that your employees will all understand.

• Don’t assume that everybody has the same level of understanding as you.

• Avoid confusing terminology. •

Be truthful.

Once you have your privacy notice • Test your draft privacy notice with users.

• Amend it if necessary. • Roll it out to everyone. • Review and update as necessary.

The privacy notice doesn’t have to be one big document. If it becomes too unwieldy, you might consider using a layered approach where key privacy information is provided immediately and more detailed information could be provided elsewhere, such as on your shared drive. The important thing is to make sure you have been transparent and provided accessible information to your employees, as this is a key element of the GDPR.

13

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16