As we’re sure you know, the General Data Protection Regulation (GDPR) comes into force on 25th May.
This newsletter is to let you know what’s changed at the IBD Registry to be compliant with the new regulations.
URGENT! Agreements for Data Sharing & Data Processing – ACTION NEEDED NOW
Firstly, this is a really important one. If your Trust submits data to us, then we need a Data Sharing Agreement with you (at the point of submission, that data becomes shared with us). If you use our Webtool, then we need a Data Processing Agreement with you (you own the data but we process it for you within the Webtool). If you do both, you need both Agreements.
If you are one of our named Trust contacts or Clinical Leads then we will have sent these Agreements to you. They are headed ‘URGENT – Registry GDPR Data Agreement’. Please look in your Inboxes and forward them straight away to the most senior person in your organisation responsible for signing and returning GDPR agreements.
Contact us urgently on [email protected] if your Trust doesn’t seem to have been sent one – at this stage, we would rather send out to too many people than too few.
Our Mailing List – What Kind of User Are You?
We use our mailing list to stay in touch (typically, webtool and quality accounts news, plus general news and updates) with our clinical community, our Webtool users, Trusts and other groups that we are working with in one way or another and, anyone who is interested in what we are doing. To align with GDPR, we will be more closely looking at the elements of the newsletter/similar mailings that are directly to do with providing the Webtool and Quality Accounts services, and which are more general news and information related to what the IBD Registry does. How we contact you in future depends on ‘what kind of user’ you are:
- If you are a Webtool or Quality Accounts user, we hold your details for the purpose of being able to stay in contact with you for the provision and support of those services. (In GDPR terms, our lawful basis for holding your contact details is ‘contract’)
- If you are a Webtool or Quality Accounts user, we also hold your details for the purpose of being able to send you more general news and information related to what the IBD Registry does, because we think that you will be interested in it. However, if you are not, you can opt-out at any time from this. (In GDPR terms, our lawful basis for holding your contact details is ‘legitimate interest’)
- However, if you are in the ‘I’m an individual interested in what you are doing’ group – then we will need your opt-in consent to continue to email you our news and newletter. (In GDPR terms, our lawful basis for holding your contact details is ‘consent’.)
What do you need to do?
If you are an existing user (as above), you’ll stay on our mailing list, but you have the right to opt-out – just email UNSUBSCRIBE; our Privacy Policy (on our website) has more details for this. You don’t have to do anything right now to stay on the mailing list. If you are an individual reader who would like to carry on receiving news and updates like this from the IBD Registry, we need your consent. Please either
- Click this link and press send, OR
- Update your consent on the signup form
Once you’ve consented you’ll continue to receive all the latest updates, including our upcoming plans, information on the biologics audit and much more. If you don’t know what kind of user you are (or you disappear off our mailing list when you weren’t expecting to) – just contact us!
Updated our resources for sites to make them ready for GDPR
Our patient consent and information materials are being reviewed and updated in line with the GDPR. These resources will be available from 25th May 2018. You’ll be able to find them on our website, request them by email or we can post hard copies to you. This is a minor change to the posters and consent forms – they are fundamentally the same as before. The difference is that we have legally changed from being part of the BSG to being our own independent company, IBD Registry Ltd, and this, in turn, means that the IBD Registry legally becomes the Data Controller, and the poster and forms changes are to reflect the Ltd entity. The Patient Information Leaflet has more changes in it, to make it compliant with GDPR requirements.
The Clinical Audit Platform – part of the Data Controller changeover
Not actually part of GDPR, but follows on so nicely from the above paragraph we thought that we should put it here. As part of the Data Controller being switched over from the BSG to IBD Registry Ltd, the upload to the Clinical Audit Platform has been paused while all the paperwork for this is being processed. When the Data Controller transfer is complete, the Clinical Audit Platform will re-open again. We’re sorry that we don’t have a target date for this, but we very much anticipate it being before the next quarter-end submission deadline.
Our Registry website
We’ve updated our website privacy and cookie policy. A summary of the personal and non-personal data collected on our website can be found in our new Privacy Policy on our website.
Any questions and what you can expect from us
We’ve written to the clinical lead at each participating site with the specific information you need. If you’re not sure whether you’ve received your information pack, let us know – contact us.
Liz Dobson
Chief Executive Officer
Dr Fraser Cummings,
IBD Registry Clinical Lead
Dr Stuart Bloom,
IBD Registry Chair