In May 2018, the EU General Data Protection Regulation (GDPR) replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).
Our GDPR Principles are:
• Data is processed fairly and lawfully
• Data is processed only for specified and lawful purposes
• Processed data is adequate, relevant and not excessive
• Processed data is accurate and, where necessary, kept up to date
• Data is not kept longer than necessary
• Data is processed in accordance with an individual’s consent and rights
• Data is kept secure
• Data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection
CMC Imaging Ltd currently complies with applicable data protection regulations and is committed to GDPR compliance across its relevant services when the GDPR takes effect May 25, 2018. CMC Imaging Ltd has established a dedicated team to oversee our GDPR readiness. Our ongoing compliance efforts include:
CMC Imaging Ltd is reviewing where and how our relevant services collect, use, store and dispose of personal data and updating policies, standards, governance and documentation as needed.
Working in conjunction with our healthcare clients and patients, CMC Imaging Ltd is reviewing our contractual commitments and updating as needed to directly address GDPR requirements. CMC Imaging Ltd is also reviewing its supplier contracts to ensure GDPR compliance at every stage.
CROSS-BORDER DATA TRANSFER
CMC Imaging Ltd will ensure our contractual commitments meet the requirements to legally transfer data from the EU to the rest of the world under applicable law.
EMPLOYEE TRAINING AND AWARENESS
All CMC Imaging Ltd employees must complete data privacy and security training. We will supplement existing training modules with GDPR-specific content. In addition to these training requirements, CMC Imaging Ltd conducts ongoing awareness initiatives on a variety of topics, including data protection, security and privacy.
CMC IMAGING HEALTHCARE CLIENTS AND PATIENTS
Compliance with the GDPR requires a partnership between CMC Imaging Ltd and our healthcare clients in their use of our applicable services. In this context, CMC Imaging Ltd generally will act as a data processor and our healthcare clients generally will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our clients and patients to meet their GDPR obligations. In the meantime, CMC Imaging Ltd encourages clients and patients to independently familiarize themselves with the GDPR.