Data Protection & Commitment to GDPR

Patient Portal is GDPR compliant. We promise to safeguard your data.


Empower

Strengthen individuals' rights to protection of their data

Secure

Keep pace with technology, and enhance protection against unwarranted use of personal data

Unify

Harmonize data protection laws inside and outside the European Union


The regulation encompasses the steps to be taken in all areas of protecting an individual's privacy: setting up security mechanisms, compliance, repercussions of a breach and more. Non-compliance beyond the enforcement date is liable to attract heavy penalties.

Committed to protecting our customers' personal data, St Vincent's Clinic Medical Imaging & Nuclear Medicine is here to help customers and end-users understand the significance of the GDPR, its requirements and our commitment to comply with global standards.


Frequently Asked Questions


  • What is personal data?
    Any information relating to an identified or identifiable natural person ('data subject'). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, email address or location, and also online identifiers like an IP address, website cookies and other device identifiers.

    For example: support tickets carrying personal data like name, location and social identity for the purpose of recording and solving an individual's support requests; CRM software collecting online identifiers to learn about prospect activity on the company website/product.
  • Who are data controllers, processors and sub-processors?
    A data controller is the entity/person that determines the purposes and means of processing the personal data of the EU resident. For example, St Vincent's Clinic Medical Imaging & Nuclear Medicine is a data processor, and St Vincent's Clinic Medical Imaging & Nuclear Medicine customers are controllers of the EU resident's data.

    The GDPR applies to both data controllers and processors. Controllers collect data from the end-user, that is the EU resident, for purposes clearly stated and with appropriate consent. Data processors provide services to the controller in accordance with each controller's instructions. Processors also use the data collected to perform benchmarking analysis, so that they can sell further services allowing controllers to compare their data to industry averages.

    Another category, sub-processors (third-party businesses performing data processing for other companies), is also accountable for the protection of personal data according to the GDPR.
  • Who is a Data Protection Officer (DPO) and does my business need one?
    The DPO is responsible for informing employees of their compliance obligations as well as conducting monitoring, training, and audits required by the GDPR. A DPO needs to be appointed if you:
    • process large amounts of personal data
    • carry out large scale systematic monitoring of individuals or,
    • are a public sector authority
  • Can we use St Vincent's Clinic Medical Imaging & Nuclear Medicine products before you are fully compliant?
    Yes, you can confidently continue with all St Vincent's Clinic Medical Imaging & Nuclear Medicine products, as we are currently in the process of achieving compliance. The regulation approved by the EU parliament in April 2016 provides businesses an adaptation period of 2 years until the enforcement date of May 2018. Preparing for the GDPR is a company-wide challenge involving a large amount of time, resources and expertise.
  • How does my business benefit by complying with the GDPR?
    The GDPR helps restore consumer trust by acting as a central authority governing rules of data protection and rights across the EU. The new law allows businesses to undertake opportunities in the digital market while protecting an individual’s fundamental rights.

    Businesses can capitalize on opportunities through:
    • Cost savings and less complicated policy management by dealing with 1 law, not 28. This otherwise required expense and effort dealing with the regulations of each member state locally.
    • Consistency in the practice of data protection measures both in and outside the EU, because the same regulation applies to all businesses regardless of where they are based.
    • The regulation enables innovation to flourish under the new law.
  • What do you mean by ‘Right to be forgotten’?
    Individuals have the right to have their personal data deleted in the event that it is no longer needed. The ‘Right to be forgotten’ is in support of freedom of expression.
  • Does the GDPR require EU data to stay in the EU?
    No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfer of personal data outside the EU.

    Data transfers from the EU to outside the EU can be legitimized in many ways, including:
    • EU-US Privacy Shield
    • Model or Contractual clauses
    • Binding Corporate Rules (BCR)
  • What does the GDPR mean by “data protection by design and by default”?
    Data protection by design means ensuring that only the personal data which is required is collected, and incorporating privacy features and functionality into products and services from the time they are first designed.

    Data protection by default means that businesses must implement appropriate measures to mitigate privacy risks at the time the data is collected, and extend those measures to the time it is processed.