GDPR Guidance in 2017

There’s nothing like a new year to focus the mind on self-improvement. And from a data protection perspective, there’s something about the arrival of 2017 that makes the implementation of GDPR in May 2018 seem so much closer.

Consistency across the EU is one of the key drivers of the GDPR, and the Article 29 Working Party – the body that currently brings together the DP authorities across Europe – is leading the way developing guidelines on some of the key aspects of the law.

Full article text available via Information Commissioner’s Office Blog, 02/17/2017.

Gerald Oppenheim: Why We Are Launching Guidelines on Data Consent

Charities and their data have had a slightly fraught relationship of late, with the Information Commissioner’s Officer issuing 2 monetary penalty notices and 11 further notices of intent, all concerning how charities are managing their data.

This is important. Charities are in a highly privileged position when it comes to data. Most businesses would envy charity databases and the detailed, extensive information they hold. This creates opportunities, but also threats.

While charities are privileged to have all of this data, they also have a clear responsibility. Public trust in the sector is now rebuilding after the problems that came to light in 2015, however we all know how easily it can collapse and the Fundraising Regulator is continuing to receive a considerable number of complaints from members of the public.

A few stories about charities abusing their donors’ data could be fatal and undermine all the good work that is being done now to put things right. We have seen how important privacy and consent is to donors and members of the public, making the issue of data particularly pressing.

Tomorrow, the Fundraising Regulator will be playing a prominent role at the Fundraising and Regulatory Compliance Conference. The conference has been organised by the ICO, the Charity Commission for England and Wales and the Fundraising Regulator. Along with speaking and hosting a workshop, we will be launching a set of guidelines for charities on how they can best manage their data.

Full article text available via Civil Society , 02/20/2017.

Continuing Impact of the EU-U.S. Privacy Shield on Health-Care Data Transfers

The EU-U.S. Privacy Shield data transfer program will have a substantial impact on how many U.S. companies will be able to receive data from Europe and on how data can be transferred and used, the author writes, noting that although some health-care companies may find the program useful, others may be unable to participate or find compliance too difficult.

Health care used to be local. You went to the neighborhood doctor for your physical or to a pediatrician for your kids. If something went wrong, there was a local hospital. You got insurance, if at all, through your employer, who likely went through the local Blue Cross Blue Shield plan. These entities were all independent, and data sharing between these entities was largely limited to sending in claims information so doctors could get paid.

As with most industries, times certainly have changed. Your doctor is part of a large physician group. Your hospital is owned by a national conglomerate. The health insurer may have merged several times. Managed care has made data even more important, and increased movement towards “accountable care” and risk sharing have exploded the need to share data. At the same time, we now have electronic health records, personal health records, health information exchanges, mobile applications, wearables and more, all collecting and sharing our health information, for a broad variety of public and private purposes.

Full article text available via Bloomberg BNA, 01/25/2017.


To learn more about analytics at Bentz Whaley Flessner, check out BWF Insight,

Share This