Report suggests many clinics are unaware of GDPR

06 Nov 2017

A new report is claiming that aesthetic clinics are ignoring the implications of new data protection rules due to come into force on May 25 next year.

The report, put together by law firm Irwin Mitchell and practice management software company Consentz, highlights that only half (51%) of senior decision-makers in the sector are currently aware of the new General Data Protection Regulation (GDPR), according to a survey of 136 organisations operating in the medical and health sector. The survey, by YouGov and commissioned by Irwin Mitchell, also found that 38% of organisations are unaware of the new fines and 14% admitted they would need to make significant job cuts if they received the maximum fine. A further 22% admitted that smaller scale headcount reductions would be necessary.

Also highlighted in the survey results was that just 37% are certain that they would be able to detect a data breach, and only 29% are confident they would notify the relevant stakeholders within the required timescale of three days.

Michael Geary, CEO and co-founder of Consentz said, “I haven’t been asked about GDPR once yet by users or businesses which are interested in using Consentz. Awareness is low and this is worrying when you consider all the changes to how clinics will have to manage their data. I think it will be next year until conversations about GDPR compliance become common."

Stuart Padgham, partner and data protection expert at Irwin Mitchell, added, “These results are concerning because with next May’s deadline fast-approaching and with so much at stake, our study reveals there’s a very real possibility that a large number of organisations operating in the medical and health sector will not be compliant in time.”

Specialist lawyers at Irwin Mitchell believe the low level of awareness of GDPR is caused by a number of misconceptions that exist about the new rules, and say this has led to a level of complacency.

This view is supported by 30% of respondents in the sector claiming GDPR will have no impact and is not an issue for their sector. 


Log-in to post a comment