In less than a month the General Data Protection Regulation, or GDPR, will come into effect throughout Europe.
This sweeping new privacy regulation poses stringent requirements on businesses of all sizes everywhere that collect personal information such as names, addresses and telephone numbers of European citizens and residents. This means that not only software providers like IDEXX Animana will be faced with new data security standards, but also that businesses like veterinary practices will need to pay careful attention to stay in compliance with these new laws.
In ensuring that our practice management software continues to meet the highest privacy and data security standards, IDEXX Animana is working hard to make sure your practice management system is the least of your concerns with GDPR.
Handling GDPR requests in Animana
As this new law comes into effect, you may receive different kinds of requests from your customers or from government entities. Luckily, Animana has features that can help you handle such requests.
Here are some of the most common GDPR-related actions you may need to carry out and how to perform them in Animana:
- What can we as a practice do to ensure our data is stored safely? Data safety is a broad topic with many points to consider in your vet practice. See our article on cyber security best practices for vet clinics for detailed tips on how to keep your data and your customers safe.
- How do we execute right of access? Our Data Protection Agreement (see below) provides you with an overview of information stored within Animana. If necessary, it’s possible to show your clients what personal data you store and deliver this information to your customers in an acceptable format by creating a PDF of client and patient history.
- How do we execute right to rectification? Animana allows you to edit and save personal information at the request of the customer.
- How do we execute the right to object to direct marketing? In the Client Data tab, you can check the option for ‘exclude from marketing’. This ensures the customer is removed from your mailing list.
- How do we execute right to erasure or right to be forgotten? It’s possible to anonymise data in Animana by removing traceable client and patient data. Anonymised records can be kept for reporting purposes. Whether and under which circumstances data can be removed is up to your practice to decide, as you may need to retain certain data to comply with local financial or tax regulations. Please contact your legal advisor before you decide to delete any client information.
- How do we execute right to data portability? If a customer requests data to be sent to any third party, it’s possible to create a PDF export of the client and/or patient history and send this directly to the third party. To determine what information you are allowed to transfer to third parties, be sure to consult your legal counsel or your government data protection authority.
- How do we execute the right to object to automated decision making and profiling? You won’t need to worry about this in Animana, as no aspect of the program makes use of automated decision making or profiling.
- How do we ask for consent for storing information and direct marketing? Consult your government data protection authority or your legal counsel to determine whether you need consent for storing information and direct marketing. While we’re unable to provide a template for asking for consent, Animana does have a built-in content manager, which you can use to create letters, e-mails or text messages to ask for consent from your customers.
Animana takes GDPR seriously
As a data processor, one of Animana’s responsibilities is ensuring that we provide you with a data-secure environment in which to conduct your business. That’s why we continue to invest in technical and organisational measures that ensure the highest level of data security for vet practices working with Animana.
Some of the actions we’ve taken to prepare Animana for GDPR include:
- GDPR Steering Committee. IDEXX has a central committee dedicated to making sure that Animana adheres to both the letter and the spirit of GDPR. This committee includes our Chief Compliance Officer, as well as the IDEXX Chief Security Evangelist, who joined our team over a year ago to help us meet our data security goals. This committee ensures that everything we do with Animana is done with data security in mind.
- Regular internal audits and security scans. We’re constantly evaluating and re-evaluating data security in Animana. With each new software release, we carefully assess Animana’s technical infrastructure to ensure there are no gaps in security, helping protect your clinic from risks.
- Inventory of personal data processing. To ensure that we continue handling your clinic’s data responsibly, we have conducted an inventory of all personal data processing activities, including not just Animana but all IT assets within IDEXX that contain personal data. This way we know how data is being collected and what it’s being used for, helping us ensure that these processes keep privacy in the forefront.
- Audit of facilities. We’ve had our office locations thoroughly audited for physical safety of data. We keep our premises fully secure, which keeps your data and your customers’ data secure.
Helping vet practices to comply with GDPR
We like to think of ourselves not only as a software provider, but also as a partner in working towards your practice’s success. That’s why we’ve taken the lead in helping Animana clinics work towards compliance with GDPR in the following ways:
- The Data Protection Agreement. GDPR demands that the data processor (IDEXX Animana) and the data controller (your clinic) have an agreement in place that specifies how data is collected, used and protected. Last year we composed our Data Protection Agreement (DPA) with Animana clinics, one of the biggest steps on the road to compliance for vet practices. Has your practice signed the DPA yet? Click here for more information.
- GDPR homepage. It’s easy to get overwhelmed by the flood of information about GDPR as the 25th of May continues to inch closer. That’s why we’ve created a handy GDPR homepage on our website, with links to resources from government entities as well as our own articles on topics like data security for vet practices. On this page, you’ll also find a list of frequently asked questions about GDPR compliance and Animana’s new Data Protection Agreement.
- Continuously providing up-to-date information via our customer newsletter, Facebook and LinkedIn pages. For everything from official policy documents, to convenient infographics, to web articles on data security best practices, follow us on these channels and stay up to date!
Still have questions about GDPR and what it means for your clinic?
With the 25th of May just around the corner, now is the time to make sure you’re informed and that your practice is ready for GDPR.
Not familiar with GDPR yet? A good starting point would be the GDPR homepage on the Animana website, where you can get a brief overview and find links to useful documents and websites.
For more specific information on requirements for your vet clinic under GDPR, the UK Information Commissioner’s Office (ICO) is your best source of accurate information.
And lastly, with any questions regarding Animana and how we’re working to ensure the safety of your clinic’s data, never hesitate to reach out to Animana Customer Support.