The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. The regulation also extends the scope of EU data protection law to all foreign companies processing data of EU residents.
The GDPR came into force on 25th May 2018 - and even though the UK is due to leave Europe in the next 12 months, it will still apply to all businesses handling EU residents' data, effectively replacing the Data Protection Act 1998.
The GDPR legislates eight data rights for individuals:
Right to be informed – You must be clearly informed when your data is collected and the purpose for which it is intended.
Right of access – You must be allowed to view the data companies have gathered on you.
Right to rectification – You have the right to correct erroneous information about yourself in a company’s data records.
Right of erasure – You have the right to request the deletion of personal data held on you, although this right is not absolute.
Right to restrict processing – You can request the suppression of your personal data file, or restrict its processing.
Right to data portability – You have the right to take the data a company has collected on you and share it elsewhere, e.g. to get a better customer deal.
Right to object – You have the right to object and prevent your data being used for particular purposes, e.g. for direct marketing. This right is superseded by legal claims.
Rights related to automatic decision-making – You may only be profiled with your explicit consent, where this is necessary to enter into a contract or where such processing is authorised by the state.
As healthcare professionals, we have always taken the protection of your personal data extremely seriously.
Our online questionnaires are written by and maintained by STAAG Consultants only. No one outside of our group is involved in collecting or reviewing your data.
The website we use to collect your data (SurveyGizmo) is compliant with the EU's GDPR (General Data Protection Regulation) and also with HIPAA (the Healthcare Insurance Portability and Accountability Act), which is the American national standard required to collect healthcare information, as there is no current UK equivalent.
The links to this STAAG website and to all of our online questionnaires are secure links (https). The data you enter is encrypted and is accessible only by us.
To ensure that STAAG is compliant with GDPR, we have followed the advice issued by the Information Commissioner's Office (ICO) to all UK companies. Their guidance can be found here.
Please see below for our full Privacy Notice (PN) and Data Processing Map: