GDPR Again, and One Unintended Consequence.
Before the start of the new GDPR on 25th May 208, I wrote a couple of blogs about the preparation that all businesses would be wise to have made.
Remind me what’s -GDPR? – It’s the Europe-wide General Data Protection Regulation.
The main purpose of the new Regulation is to protect data from misuse. To stop data about person A from being mishandled by person or organisation B who holds that data and to codify the rules as to what may, and what may not, be done with data held. And the fines which can be imposed for mishandling data have been massively increased. That is, MASSIVELY increased.
These have been the reason we have all been receiving emails along the lines of “Don’t Lose Touch – We Love You” – from companies which are seeking your consent to continue to send you advertising.
They think that they may fall foul of the new regulation if they continue to bombard you with emails without justification. And no doubt the easiest – most incontrovertible – justification for them to enter into their records and databases, is specific consent.
In fact, in many cases the new rules do not mean that no-one who has not positively requested an email can be sent an email.
If there is already a basis for contact between the sender and the receiver, for example between a Notary with his client, or colleagues in the provision of legal services then there is a legitimate interest to both me and you in sending these Blogs. –your own receipt of this email.
Your interest is to be updated as to legal matters relating [if sometimes obliquely] to the world of Notarial affairs, my interest is to disseminate my views on such matters and of course thereby maintain contact with you.
These emails are not the main thrust of the GDPR in any case – and if you decide you don’t want future emails then you can unsubscribe from mailings.
What GDPR is mainly about is to punish holders of data about you if they are careless with it. Or more precisely to frighten them so much about the consequences of losing or mishandling data that they don’t make mistakes in the first place.
If they do let your data get into the hands of criminals, you can be caused great damage. This might be financial – many people are careless with passwords. So if a, say, supermarket website has your passwords and loses them to a thief, these might be the same passwords you use for your bank account.
Or if a medical centre or police authority get hacked, details of a person’s mental health issues or criminal record could give rise to blackmail or the ruining of reputations.
As is usual with any new rules and regulations, there are unexpected consequences.
Here is one: The cost of obtaining medical records and notes from a Doctor.
If you have suffered an accident or an assault or otherwise been hurt, proving the extent of your injury is an important part of any claim you may want to make. Any insurance company will require to see medical evidence that you are hurt.
It used to be that you would have to pay your doctor about £50 or so – sometimes a lot more in a complicated case – to get your medical notes released.
Now, as the person (“the Subject”) about whom your Doctor (“the Data Holder”) holds those notes you have the right under the GDPR to be provided with all of those notes free of charge. It is called a Subject Access Request – SAR.
This is causing a lot of fuss in professional circles. Doctors are having to do a lot of work for no money. It is not just a matter of pressing “print” on their computers. Your notes may include reference to other people. Those references will have to be deleted – redacted – or else in complying with an SAR from one patient, the Doctor will be breaching GDPR in respect of another person’s data. Complicated and time consuming.
It is possible that Doctors are, and will be, now required to prepare more SARs than they ever were, even for people who have no injuries or potential court cases. Some people just like to read their own medical records, and now it is free, well, there you go.
Then there is the misapprehension reported in the Law Society Gazette, that some Doctors think that Solicitors are now getting these Medical reports free but are continuing to charge their clients the same £50 as before. Which is nonsense of course, but unhappy folks sometime do talk nonsense.
The reality is that GDPR is making Doctors work on preparing their reports for no money.
Doctors have no choice. They cannot opt out of holding the patients’ data, it is essential that a Doctor must know a patient’s medical history and the idea of keeping that data in their heads or in a card index system is a non-runner. So they must accept that they are Data Holders.
And if they are Data Holders, they are subject to the GDPR. It’s the Law.
In fact the saving here is entirely to the benefit of Insurance Companies. If no money is paid to Doctors for records, then the Insurance won’t have to reimburse claimants for those payments.
Ironic that, since it is Insurance Companies by and large, who refuse to believe that anyone is an honest claimant who is actually injured, and who are the only party demanding to see the medical records in the first place.
I don’t think it was ever actually the intention of the GDPR drafters that Doctors should be required to work harder for less money, for the benefit of Insurance Companies.
Unintended consequences. Here’s a Wiki link.
I didn’t know about the Great Plague measure of 1665 in London. Due to the incorrect belief that the dogs and cats in the city were carrying the Plague, they were killed on sight. In fact it was the rats that had the plague, and the dogs and cats would have killed the rats, given the chance of, you know, being alive themselves.
As ever, if you require our services or if you have any queries on any of the services that we offer then please so not hesitate to email us firstname.lastname@example.org and email@example.com.
Or alternatively please telephone on 0113 8160116 or 07715608747. Please also visit our website http://www.atkinsonnotary.com