The session consisted of case studies, question and answer sessions and covered the interplay between data protection and the GDPR changes. This extended to the need for the speed of the regulatory framework to catch up with the speed of technological change in order to discourage the commercialization of personal data. We also discussed how to collect and process personal data and what action plans we should have in place for our services. The highlights of the session for me were the six principles of data protection and the six grounds for lawful processing.
|
DATA PROTECTION PRINCIPLES
|
GROUNDS FOR LAWFUL PROCESSING
|
|
Lawful, fair and transparent
|
Contractual
|
|
Specific, explicit and legitimate
|
Legal basis
|
|
Adequate, relevant and not excessive
|
Vital interests
|
|
Accurate and kept up to date
|
Public interest
|
|
Kept for no longer than necessary
|
Legitimate interest
|
|
Processed securely
|
Consent
|
It is important to distinguish the need for consent from the other lawful grounds as it is the only one that requires the data subject to actively opt-in. An interesting note was that although individual personal emails constitute personal data, corporate emails do not so it's worth making that distinction. If you use a system which creates a handicap to compliance, change it. It needs to work for you and not the other way around. There were handouts provided and references to other helpful sources. There's a lot of technical jargon muddying waters in some sources which in no way allays my concern of how to equip frontline staff, particularly Library Assistants, with the skills to ensure they comply with the regulations in their day to day practice. I have found some comfort in the content and straightforward language at https://naomikorn.com/blog/ which I have now shared with my team in the hopes of filling in the blanks and making the transition a gradual process.
I am in no way a GDPR expert but I did have some notions confirmed and some misconceptions corrected. I left more confident than I arrived with an action plan sure to make me the least favourite person on my team for a few weeks. I'll need to soften 'em up with lots of chocolate and biscuits. My take home has been the need for experienced information professionals to apply a degree of reasonableness (Naomi's description) i.e. ask ourselves what we consider to be a reasonable expectation from the person who has entrusted us with their personal data. Some things will clearly be right and others will clearly be wrong whilst there will be grey areas. I say stay as far away as you can from what doesn't fall into the clearly right category and you should be fine.
It's also Health Information Week #HIW2018 and I have been tasked with organizing and promoting events. It happens to coincide with NHS70 and I used the opportunity to team up with the Trust Charity who are celebrating with Big7Tea parties. They have cake and we have sources of good quality health information. It's a match made in heaven. I also put together a looped PowerPoint for our local library to promote health and digital literacy, healthy lifestyles, mindfulness, and relaxation on their big screen. Thanks to the templates on the Knowledge for Healthcare blog, I also tailored some posters and promotional materials.
@Healthinfoweek is fast approaching @bhamcommunity. Health literacy levels are known to impact on health outcomes so join us to look at avenues for improving it #HIW2018 pic.twitter.com/mjj8gDYeaI— Smallwood Library (@smallwoodlib) 25 June 2018
In other news, the team that brought you the Development Needs Analysis is getting back together. Yes, you heard right. Team DNA is back. Commitment, gluttons for punishment or just missing each other (I think quite a bit of the latter LOL). We'll be working together over the next couple of months to get the next survey for the development needs of the NHS Library workforce ready for next autumn. It's gonna be great.
Go Team DNA #HEELKS pic.twitter.com/grh0XLfkFj— Abimbola Alayo (@abombolo) June 26, 2018
