GDPR: 4 Letters Vets Should Know before May 2018

Maybe you’ve read about the General Data Protection Regulation in the news, or maybe your practice management software provider has recently asked you to assent to revised Terms and Conditions. Whatever the reason, you’re probably wondering what GDPR is and what it means for your vet practice.

Effective May 2018, the General Data Protection Regulation (or GDPR) is a big step towards harmonizing the patchwork of national laws that currently cover EU member states, and it introduces changes that impact owners of small businesses like veterinary practices that collect and process personal data. According to the EUGDPR website, “The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.”

May 2018 may seem like a long way away, but the truth is it’s closing in fast. If this is the first you’ve heard of GDPR, or if you thought this new set of regulations doesn’t apply to your industry or your business, be sure to read this article and the resources linked to within it.

What will GDPR mean in practice for Animana users and other vet practice owners? What follows are the answers to some basic questions vets may have about GDPR, as well as resources for finding more information specific to your country.

What is GDPR?

The GDPR will replace the patchwork of national laws that currently regulate the data protection standards in the European Union.

In general, it’s important to note that more responsibility will be placed on the shoulders of ‘data controllers‘ – entities like your practice which collect and use personal data for the basic running of their business – as well as on data processors like IDEXX Animana that process your and your customers’ data on your behalf.

When, where, and to whom does GDPR apply?

GDPR will go into effect in May 2018.

One of the biggest changes introduced by the new regulation is its increased territorial scope. Whereas the previous set of laws was country-specific and often created confusion for organisations working across national borders, the new regulation applies to any business that uses the personal data of EU residents.

What happens if I’m not in compliance?

The penalties under GDPR are steep. You can find additional information on penalties on the EUGDPR website.

What about Brexit?

For specific details on Brexit and GDPR, keep an eye on the UK Information Commissioner’s Office (ICO) guide on what to expect and when.

What does GDPR mean for Animana?

As a data processor, Animana processes personal data on your behalf, and is thus also subject to compliance with GDPR.

While the functionalities of Animana won’t change, the fine print we’re required to provide about those functionalities will. GDPR requires data controllers and data processors to have a Data Protection Agreement in place describing the rights and obligations of each party. Therefore, in order to be ready for  GDPR implementation, Animana has updated its General Terms and Conditions (GTC), and prepared a stand-alone Data Protection Agreement (DPA). If you’re a practice owner or practice manager, you’ll soon be receiving a copy of both the updated General Terms and Conditions and the stand-alone Data Protection Agreement from Animana.

Where can I learn more about GDPR and how it will affect my practice?

Your best source of up-to-date and accurate information is the EUGDPR website.

For more specific information on the GDPR and its applications to the United Kingdom, see the information at the UK Information Commissioner’s Office. For information on GDPR in the Republic of Ireland, check the Irish Data Protection Commissioner.

Last but not least, you should be in regular contact with your legal advisor as relates to GDPR as soon as possible. Don’t wait until May to start preparing!