FAQs – GDPR for Vets
This information is Connected Vet’s interpretation of the GDPR legislation as it stands and should not be relied on as a legal basis for action.
What is the GDPR?
The General Data Protection Regulation (GDPR) is replacing the Data Protection Act 1998. It places greater accountability on how organisations handle personal data. It was enforced on 25th May 2018.
What can my practice do to be compliant?
Connected Vet recommend three routes to compliance:
- Self-serve – Take our GDPR for Vets course, learn what you need to know and build on our experience
- Supported – Book our consultancy service and let us do the heavy lifting
- Unassisted – Do it all yourself, but use our tick-list to help get you started
As a small business are we exempt from the GDPR?
No. All veterinary practices process personal data (clients, employee and suppliers) and you will have to comply with the GDPR regardless of your practice size.
What information does the legislation apply to?
The GDPR applies to ‘personal data’, which means any information relating to a living, identifiable person who can be directly or indirectly identified from this data.
Will Brexit make any difference?
No, the GDPR has been incorporated into the new Data Protection Bill 2018 which will ensure that Brexit has no impact.
Will my practice still be able to use our marketing database?
From the audits that Connected Vet have completed with small to medium veterinary practices, it is unlikely that marketing communications will be able to be lawfully sent to clients without significant changes. In most cases, the data is not up to date, client permissions are incomplete, consent is non-compliant and there is a lack of knowledge of the functionality available within the PMS.
If we do nothing, can we still send treatment reminders?
Unlikely. Most practices do not have valid consent in place or are not clear on the legal basis and processes they should use for these marketing communications.
What is classed as marketing communications in the context of a vets?
This is quite broad and covers practice news, vaccination and treatment reminders, and promotions. Practices can still communicate with clients for opening times, appointment reminders and invoicing, which would fall under the servicing of a contract.
Do we always need consent?
Not always. Consent can be difficult for a practice to administer and there are other legal bases that may be more appropriate and effective for your business.
Does the GDPR only apply to EU organisations?
No. The GDPR applies to processing carried out within the EU, but it also applies to organisations outside the EU that process the data of individuals in the EU.
What are the big changes from the Data Protection Act?
There are quite a few significant changes. See our free GDPR for Vets – Overview course. Its free and will get you up to speed on the changes and your practice’s obligations under GDPR.
Difficult Question?
This information is Connected Vet’s interpretation of the GDPR legislation as it stands and should not be relied on as a legal basis for action.