FAQs – GDPR for Vets
This information is Connected Vet’s interpretation of the UK GDPR legislation as it stands and should not be relied on as a legal basis for action.
What is the GDPR?
The UK General Data Protection Regulation (UK GDPR) replaces the Data Protection Act 1998. It places greater accountability on how organisations handle personal data. It was enforced on 25th May 2018 and was simply called The GDPR. Since Brexit, its name has changed to the UK GDPR and the legal framework remains substantially the same.
What can my practice do to be compliant?
Connected Vet recommend three routes to compliance:
- Self-serve – Take our GDPR for Vets course, learn what you need to know and build on our experience
- Supported – Book our consultancy service and let us do the heavy lifting
- Unassisted – Do it all yourself, but use our tick-list to help get you started
As a small business are we exempt from the GDPR?
No. All veterinary practices process personal data (clients, employee and suppliers) and you will have to comply with the UK GDPR regardless of your practice size.
What information does the legislation apply to?
TheUK GDPR applies to ‘personal data’, which means any information relating to a living, identifiable person who can be directly or indirectly identified from this data.
Did Brexit make any difference?
Whilst there have been a few minor changes, the UK GDPR as it is now known retained the core framework and provisions of its forerunner, the EU GDPR.
Will my practice still be able to use our marketing database?
From the audits that Connected Vet have completed with small to medium veterinary practices, it is unlikely that marketing communications will be able to be lawfully sent to clients without significant changes. In most cases, the data is not up to date, client permissions are incomplete, consent is non-compliant and there is a lack of knowledge of the functionality available within the PMS.
If we do nothing, can we still send treatment reminders?
Unlikely. Most practices do not have valid consent in place or are not clear on the legal basis and processes they should use for these marketing communications.
What is classed as marketing communications in the context of a vets?
This is quite broad and covers practice news, vaccination and treatment reminders, and promotions. Practices can still communicate with clients for opening times, appointment reminders and invoicing, which would fall under the servicing of a contract.
Do we always need consent?
Not always. Consent can be difficult for a practice to administer and there are other legal bases that may be more appropriate and effective for your business.
Does the UK GDPR only apply to UK organisations?
No. The UK GDPR applies to processing carried out within the UK, but it also applies to organisations outside the UK that process the data of individuals in the UK.
What are the big changes from the Data Protection Act?
There are quite a few significant changes. See our free GDPR for Vets – Overview course. It’s free and will get you up to speed on the changes and your practice’s obligations under the UK GDPR.
Difficult Question?
This information is Connected Vet’s interpretation of the UK GDPR legislation as it stands and should not be relied on as a legal basis for action.