This blog post aims to pull together some of the key resources for health libraries relating to GDPR.

What is GDPR?

General Data Protection Regulation (GDPR) is new data protection legislation that creates a single set of rules that better protects personal information for people across the EU.  It comes into effect on 25th May 2018.  The aim of GDPR is greater transparency, enhanced rights for citizens and increased accountability.

What does it mean for libraries?

Organisations will be held far more accountable for the data they hold.  As well as records of what personal data exist within the organisation, GDPR requires a documented understanding of why information is held, how it is collected, when it will be deleted or anonymised, and who may gain access to it.

Since libraries work mostly with users and process personal data such as addresses and staff details, they need to be GDPR compliant.

Richard Brigden, Knowledge Systems Manager, richard.bridgen@hee.nhs.uk, Library and Knowledge Services and Technology Enhanced Learning, HEE Midlands and East, has produced a GPDR statement for NHS libraries that highlights the key points and what action is required by librarians.  He has also shared an Example Privacy Notice and Membership Declaration and an Example Library Registration Form.

Is there any training available?

CILIP are running a half-day training event, developed by Naomi Korn Copyright Consultancy. More info here.

Gil Young, gil.young@hee.nhs.uk, NHS LKS Development Manager – North West, is organising GDPR training events running in Manchester and Newcastle for NHS library staff in the North of England.

Where can I find out more?

CILIP: Make sure you’re ready for GDPR CILIP members can also download a free GDPR guide produced by Naomi Korn at this link.

 

Tagged: Data protection, GDPR