• Home
  • About Us
  • Our Solutions
    • Care Monitor
    • Care Monitor Mobile
    • Care Monitor Audit
    • Care Monitor Opinion
    • Nursing Home Booking System
  • Our Vision
    • Evidence Based Assessment and Care Planning
    • Health Care Assistants Touch Screen
    • Human Resources
    • Quality Management
    • Risk Management
  • Support
  • Contact Us
  • Sonas Training

June 2019

Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

By rivierabrian, 4 years ago
Recent Posts
  • Hello world!
Recent Comments
    Archives
    • June 2019
    Categories
    • Uncategorised
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    ADDRESS

    9 Grangebrook Avenue
    Rathfarnham
    Dublin 16
    Ireland

    CONTACT US

    Office: +353 1 494 1256
    Brian: +353 87 6873306
    Eamon:+353 85 8622515
    Eithne: +353 86 3382664
    Tom: +353 86 8750752
    Andrea: +353 86 8771496
    UK: +44 7530270201

    EMAIL

    brian@caremonitor.ie
    eamon@caremonitor.ie
    eithne@caremonitor.ie
    tom@caremonitor.ie
    andrea@caremonitor.ie

    DOWNLOAD BROCHURE

    Click here to download the brochure

    Care Monitor Ltd Data Protection Policy Download.

    Copyright (c) Care Monitor Limited 2019

    Please accept our terms and conditions
    This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
    Privacy & Cookies Policy

    Privacy Overview

    1.0 Policy Statement.
    It is the policy of Care Monitor Ltd. that at all times activities relating to the operation of its business
    will comply with data protection legislation.
    2.0 Purpose.
    The purpose of this policy is to outline the arrangements and processes in place to ensure that Care
    Monitor Ltd complies with its obligations under data protection legislation.
    3.0 Objectives.
    3.1.1 To ensure that Care Monitor Ltd is compliant with data protection legislation in all activities
    related to the operation of the business.
    3.1.2 To ensure that employees and third party contractors understand their responsibilities when
    carrying on any activities related to the business of Care Monitor Ltd.
    3.1.3 To ensure that customers are informed of the arrangements in place for Care Monitor Ltd to
    comply with its obligations under data protection legislation and any responsibilities of
    customers when accessing services from Care Monitor Ltd.
    4.0 Scope.
    This policy applies to the following:
    1. All employees and third party contractors providing a service to Care Monitor Ltd.
    2. Customers using the services of Care Monitor Ltd.
    The policy applies to all processing of personal data and special categories of personal data carried
    out by Care Monitor Ltd.
    5.0 Definitions.
    5.1 Data Subject.
    A data subject refers to an identified or identified living person (GDPR). It is the individual the personal
    data relates to (Data Protection Commissioner, 2017). In the context of this policy a data subject is
    any living person whose personal data is obtained and processed by the centre. For example
    residents, employees, residents’ representatives or family members whose personal data is obtained
    and processed by the centre.

    5.2 Personal Data.
    Personal data means any identifiable information relating to a living individual (‘data subject’). This
    means information by which the individual can be identified, directly or indirectly, in particular by
    reference to an identifier such as a name, an identification number, location data, an online identifier
    or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or
    social identity of that person (General Data Protection Regulation).
    5.3 Special categories of personal data.
    Refers to personal data revealing racial or ethnic origin, political opinions, religious or philosophical
    beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose
    of uniquely identifying a natural person, data concerning health or data concerning a natural person's
    sex life or sexual orientation.
    5.4 Genetic Data.
    ‘Genetic data’ means ‘personal data relating to the inherited or acquired genetic characteristics of a
    natural person which give unique information about the physiology or the health of that natural person
    and which result, in particular, from an analysis of a biological sample from the natural person in
    question;’ (General data Protection Regulation).
    5.5 Biometric data.
    Biometric data’ means ‘personal data resulting from specific technical processing relating to the
    physical, physiological or behavioural characteristics of a natural person, which allow or confirm the
    unique identification of that natural person, such as facial images or dactyloscopic (fingerprints) data’;
    (General data Protection Regulation).
    5.6 Data Concerning Health.
    ‘Data concerning health’ means ‘personal data related to the physical or mental health of a natural
    person, including the provision of health care services, which reveal information about his or her
    health status;’ (General data Protection Regulation).
    5.7 Data Controllers.
    A data controller is the individual or the legal person who controls and is responsible for the keeping
    and use of personal information on computer or in structured manual files. Data controllers can be
    either individuals or "legal persons" such as companies, Government Departments and voluntary
    organisations. Examples of cases where the data controller is an individual include general

    practitioners, pharmacists, politicians and sole traders, where these individuals keep personal
    information about their patients, clients, constituents etc https://www.dataprotection.ie/docs/Are-youa-Data-Controller/y/43.htm. accessed 11/04/2018.
    5.9 Processing
    ‘processing’ means ‘any operation or set of operations which is performed on personal data or on sets
    of personal data, whether or not by automated means, such as: collection, recording, organisation,
    structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,
    dissemination or otherwise making available, alignment or combination, restriction, erasure or
    destruction’ (General Data Protection Regulation).
    5.10 Disclosure
    Disclosure refers to the release of personal data or personal information to a third party outside of the
    original specified purpose of obtaining the data / information. (Data Protection Commissioner, 2013)
    5.11 Privacy
    In terms of personal health information, privacy can be described as the right of individuals to keep
    their information confidential and is a human right enshrined in both Irish and European legislation.
    (HIQA, 2017).
    5.12 Third Party
    ‘Third party’ means ‘a natural or legal person, public authority, agency or body other than the data
    subject, controller, processor and persons who, under the direct authority of the controller or
    processor, are authorised to process personal data; (General Data Protection Regulation).
    5.13 Consent.
    ‘Consent’ of the data subject means ‘any freely given, specific, informed and unambiguous indication
    of the data subject's wishes by which he or she, by a statement or by a clear affirmative action,
    signifies agreement to the processing of personal data relating to him or her’ (General Data Protection
    Regulation).

    5.14 Personal Data Breach.
    Personal data breach’ means ‘a breach of security leading to the accidental or unlawful destruction,
    loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or
    otherwise processed;’ (General Data Protection Regulation).
    6.0 Responsibilities.
    6.1 Care Monitor Personnel.
    6.1.1 Care Monitor Personnel have a responsibility to ensure that the processing of personal data
    and special categories of personal data is carried out in accordance with the legal and
    professional framework outlined in this policy.
    6.1.2 Care Monitor Personnel are not permitted to process any personal data unless the data
    subject has given permission or there is another legal basis for such processing such as to
    comply with one or more of the statutory obligations outlined in 7.1 of this policy.
    6.1.3 Care Monitor personnel must safeguard the confidentiality of all personal data accessed in the
    course of their work and must not disclose any personal data without the expressed
    permission of the data controller.
    6.1.4 Where, in the course of providing support services or training to a customer, a member of
    Care Monitor personnel is privy to personal data including special categories of personnel
    data, the member of Care Monitor personnel is not permitted to process or disclose this
    information to third parties.
    6.1.5 Where in the course of their work, a member of Care Monitor personal suspects that a personal
    data breach has occurred or becomes aware that a data breach has occurred, he/she must
    comply with the protocol for responding to a suspected or actual data breach outlined in this
    policy.

    6.2 Third Parties Acting on behalf of Care Monitor.
    6.2.1 Employees and personnel of Nursing Matters & Associates who carry out activities on behalf
    of Care Monitor Ltd must also comply with the requirements set out in 6.1 above.
    6.2.2 Other third parties, specifically Datastring and BigMind by Zoolz.have specific responsibilities
    to ensure that they process personal data and special categories of personnel data in
    accordance with legal requirements.
    6.2.2 Third parties must inform Brian O’ Neill without undue delay of any suspected or actual data
    breach related to personal data being processed on behalf of Care Monitor.
    6.3 Customers.
    6.3.1 In accordance with the contract between Care Monitor Ltd and a Customer, the Customer is
    the data controller and must ensure that he/she is entitled to transfer any personal data,
    including special categories of personnel data to Care Monitor for backup where there is
    service is part of the contract.
    6.3.2 Where personal data is being processed based on informed consent, the Customer must
    ensure that data subjects, whose personal data is transferred for backup have been informed
    of and have given their consent to same.
    7.0 Legal and Professional Framework for Records Management.
    7.1 Legal Basis for Processing Personal Data.
    7.1.1 Under European and national data protection legislation, processing of personal data is lawful
    only (referred to as the ‘legal basis’ for processing personal data) if and to the extent that at
    least one of the following applies:
    a) The data subject has given consent to processing his/her personal data for one or more
    specific purposes. This consent is subject to conditions outlined under
    b) The processing of the data is necessary for performance of a contract to which the person is
    party or to take steps at the request of the person prior to entering into a contract.
    c) Processing is necessary for the controller to comply with a legal obligation.
    d) Processing is necessary to protect the vital interests of the person or of another living
    person.
    e) Processing is necessary for the performance of a task carried out in the public interest or in
    the exercise of the official authority vested in the controller.
    f) Processing is necessary for the purposes of the legitimate interests pursued by the controller

    or by a third party, except where such interests are overridden by the interests or
    fundamental rights and freedoms of the data subject which require protection of personal
    data, in particular where the data subject is a child.
    7.1.2 In addition to the conditions outlined above, the processing of personal data is only lawful if it
    complies with the principles outlined in 6.5
    (Data Protection Act, 1988 and 2003; Data Protection Bill, 2018).
    7.2 Processing of special categories of personal data.
    Special categories of personal data refer to personal data revealing racial or ethnic origin, political
    opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic
    data, biometric data for the purpose of uniquely identifying a natural person, data concerning health
    or data concerning a natural person's sex life or sexual orientation. Processing of special categories
    of personal data is allowed only if it complies with the principles outlined in 6.4 and one of the following
    applies:
    a) The data subject has given explicit consent to the processing of the special category of
    personal data for one or more specified purposes (Data protection Bill, 2018).
    b) Processing is necessary for the purposes of carrying out the obligations and exercising
    specific rights of the controller or of the data subject in the field of employment and social
    security and social welfare law providing for appropriate safeguards for the fundamental
    rights and the interests of the data subject; (Data Protection Bill, 2018; General Data
    Protection Regulation).
    c) Processing is necessary to protect the vital interests of the data subject or of another natural
    person where the data subject is physically or legally incapable of giving consent; (General
    Data Protection Regulation) including to prevent injury or other damage to the data subject
    or another individual and to prevent loss, in respect of, or damage to property (Data
    Protection Bill, 2018).
    d) Processing relates to personal data which are manifestly made public by the data subject;
    (General Data Protection Regulation).
    e) Processing is necessary for the establishment, exercise or defence of legal claims or
    whenever courts are acting in their judicial capacity; (General Data Protection regulation)
    including for the purpose of obtaining legal advice or in connection with legal claims,

    prospective legal claims, legal proceedings or prospective legal proceedings (Protection Bill,
    2018).
    f) Processing is necessary for medical purposes and is carried out by or under the
    responsibility of a health practitioner or a person who in the circumstances owes a duty of
    confidentiality to the data subject that is equivalent to that duty of confidentiality owed by a
    health practitioner.
    g) Processing is necessary for the purposes of preventive or occupational medicine, for the
    assessment of the working capacity of the employee, medical diagnosis, the provision of
    health or social care or treatment or the management of health or social care systems and
    services on the basis of Union or Member State law or pursuant to contract with a health
    professional and subject to the conditions of professional secrecy (General Data Protection
    Regulation).
    h) Processing is necessary for reasons of public interest in the area of public health, such as
    protecting against serious cross-border threats to health or ensuring high standards of
    quality and safety of health care and of medicinal products or medical devices, on the basis
    of Union or Member State law which provides for suitable and specific measures to
    safeguard the rights and freedoms of the data subject, in particular professional secrecy;
    i) Processing is necessary for archiving purposes in the public interest, scientific or historical
    research purposes or statistical purposes in accordance with Article 89(1) based on Union or
    Member State law which shall be proportionate to the aim pursued, respect the essence of
    the right to data protection and provide for suitable and specific measures to safeguard the
    fundamental rights and the interests of the data subject.
    8.0 Principles relating to processing of personal data.
    Under European and national legislation, the centre is obliged to ensure that personal data is
    1. Obtained and processed fairly, lawfully and in a transparent manner in relation to the data
    subject.
    2. Information is collected only for one or more specified, explicit and lawful purposes
    3. Information is used and disclosed only in ways compatible with these purposes
    4. Information is kept safe and secure
    5. Information is kept accurate, complete and up-to-date

    6. Information is adequate, relevant and not excessive
    7. Information is retained for no longer than is necessary for the purpose or purposes and
    according to legal requirements.
    8. Data subjects e.g. Residents can have a copy of his/her personal data to an individual, on
    request, except in specific circumstances outlined in the legislation below.
    9.0 Professional Requirements.
    Nursing Matters & Associates who provide training services to clients on behalf of Care Monitor Ltd
    are also obliged to comply with professional codes, standards and guidance related to residents’
    personal information. These include:
    ■ Nursing and Midwifery Board of Ireland 2015 Recording Clinical Practice, guidance to Nurses
    & Midwives.
    ■ Nursing and Midwifery Board of Ireland 2014 Code of Professional Conduct and Ethics for
    Nurses & Midwives.
    10.0 Protocol for Obtaining and processing Personal Data by Care Monitor Ltd.
    10.3 Legal Basis for processing Customer data.
    10.3.1 Care Monitor Ltd obtains and processes Customer data for the following lawful reasons:
    1. The processing of the data is necessary to take steps at the request of the customer prior to
    entering into a contract, such as to send information about the software to the prospective
    customer and or to arrange a demonstration.
    2. The processing of the data is necessary for performance of the written contract to which the
    customer is party. Subject to the terms of this written contract, Care Monitor Ltd acts as a
    processor on behalf of and with the authorization of the customer, who is the controller for
    the data being processed.
    3. To comply with legal obligations under the Companies Act, 1990 and the Value Added Tax
    Consolidation Act, 2010.
    4. Processing is carried out with the consent of the customer in order to send information about
    products and services of Care Monitor Ltd.

    10.4 Categories of Data Subjects.
    Care Monitor Ltd obtains and processes information on both potential and actual customers for the
    purposes of entering into an agreement about the provision of services. As part of the provision of
    services to clients, subject to a signed contract between both parties, Care Monitor Ltd may also store
    personal data on the following data subjects:
    1. Customers.
    2. Staff who are designated by the client to act as a focal contact person between the client
    and Care Monitor Ltd.
    3. Employees of the Customer whose personal data has been entered into the relevant
    module of Care Monitor.
    4. Residents in the healthcare facilities owned and operated by customers.
    10.5 Categories of Data Processed.
    Care Monitor may process the following categories of data on behalf of Customers subject to the
    terms of the signed written contract:
    1. Personal data for clients, designated staff and residents.
    2. Special categories of personal data, which subject to the terms of the written agreement may
    be stored by Care Monitor Ltd on behalf of and under authorisation of the customer.
    11.0 Adherence to Principles of Data Processing.
    11.1 Obtained and processed fairly, lawfully and in a transparent manner in relation to the
    data subject.
    Following an initial enquiry from an individual about products and services and where the individual
    requests same, an email is sent to the individual with the required information. This email contains a
    link to Care Monitor Ltd.’s Privacy Policy.
    11.2 Information is collected only for one or more specified, explicit and lawful purposes.
    Personal data and special categories of personal data are collected only for those lawful purposes
    outlined in 6.3.1.

    11.3 Use and disclosure of personal data in ways compatible with these purposes.
    Care Monitor is obliged both under data protection legislation and the terms of the written contract
    between itself and the Customer to use and disclose personal data only in ways compatible with the
    purpose for which it was obtained. Customer data will be used only as required for the purposes of
    the performance of the contract agreed between the Customer and Care Monitor Ltd and subject to
    the terms of the contract. Additional processing for direct marketing purposes will only occur where
    the Customer has given explicit consent for such processing. This is facilitated through an email that
    is sent to each customer after the initial contact, which specifically asks for the customer’s consent to
    contact them in the event of new products and / or services being developed.
    We do not share customer details with any other third parties for the purposes direct marketing by
    those parties.
    11.3.1 Processing of Customer data.
    Personal data pertaining to Customers is stored in manual and electronic format and processed and
    accessed only by staff of Care Monitor Ltd or third parties acting on behalf of Care Monitor Ltd.
    Personal data of Customers may be shared with Ecovis accountancy services in order to assist Care
    Monitor Ltd meet its statutory obligation under the Companies Act, 1990 and the Value Added Tax
    Consolidation Act, 2010. Personal data and special categories of personal data obtained by the
    Customer from third parties, such as staff or residents may be stored for back up purposes by
    Datastring Ltd on behalf of Care Monitor Ltd, subject to the terms of agreement of the written contract
    between the Customer and Care Monitor Ltd. Staff of Care Monitor Ltd or third parties acting on
    behalf of Care Monitor Ltd are not authorised to process Customer data other than for the explicit
    purposes for which the data was obtained and the uses outlined in the written contract.
    11.3.2 Processing of Customer data relating to third parties.
    Where Care Monitor Ltd acts as a data processor for a Customer, it may lawfully process the personal
    data of third parties when authorised to do so by the Customer who is the data controller for such
    data. Where Care Monitor Ltd is requested to store third party personal data, under the terms of the
    written contract, the customer is required to ensure that it is lawfully entitled to authorise Care Monitor
    Ltd to store the relevant personal data on its behalf.
    3. Information is kept safe and secure.

    Personal data related to customers of Care Monitor ™ is stored on encrypted laptops and desktops
    of the staff of Care Monitor. Backups are stored securely and encrypted in a cloud backup maintained
    by Datastring LTD. and BigMind by Zoolz.
    Data relating to Staff and Residents, which may be stored on Care Monitor, is not stored by Care
    Monitor LTD, but rather by the customers. Some customers have access to our Cloud Backup service
    hosted by Datastring LTD which is encrypted before backup to their cloud.
    We may have access to data while installing, supporting or training our customers and their staff,
    however all Care Monitor staff and third parties acting on behalf of Care Monitor LTD are not permitted
    to store or disclose any of this information, unless specifically requested to do so by the customer’s
    data controller, and only with those persons specifically designated by the customer’s data controller.
    4. Information is kept accurate, complete and up-to-date.
    Customer data is obtained and processed as required where the data is necessary for
    performance of a contract to which the Customer is party or to take steps at the request of the
    Customer prior to entering into a contract. This information is provided by the Customer and only
    amended where the Customer informs Care Monitor Ltd of a change in information.
    Personal data including special categories of personal data relating to residents and / or staff is
    stored as part of an agreed backup service contract with the Customer as outlined in 3. It is the
    responsibility of the Customer as data controller to ensure that this information is kept accurate,
    complete and up-to-date.
    5. Information is adequate, relevant and not excessive.
    Information obtained from Customers is limited only to that information that is necessary for the
    performance of a contract agreed with the Customer, such as name, contact details and information
    for accounts.
    Personal data including special categories of personal data relating to residents and / or staff is stored
    as part of an agreed backup service contract with the Customer as outlined in 3. It is the responsibility
    of the Customer as data controller to ensure that this information is adequate, relevant and not
    excessive.
    6. Information is retained for no longer than is necessary for the purpose or purposes and
    according to legal requirements.

    Customer information obtained for the purposes of performance of a contract, including financial
    aspects of the contract are retained for a period of 6 years from the data of the last transaction or
    termination of a contract. There may be occasions where to comply with a legal obligation Care
    Monitor may need to retain information for a period of more than six years. Where these
    circumstances arise, the Customer will be informed beforehand.
    Personal data including special categories of personal data relating to residents and / or staff is stored
    as part of an agreed backup service contract with the Customer as outlined in 3. It is the responsibility
    of the Customer as data controller to ensure that this information is retained for no longer than is
    necessary for the purpose or purposes and according to legal requirements. Care Monitor will delete
    information only where requested to do so by the Customer as data controller of this information.
    7. Data subjects can have a copy of his/her personal data to an individual, on request, except in
    specific circumstances outlined in the legislation below.
    Care Monitor will make available to a Customer a copy of his/her personal data processed by the
    company on request in accordance with legislation.
    It is the responsibility of the Customer as data controller to make arrangements to meet the rights of
    data subjects with regard to access to their personal data including special categories of personal
    data. Care Monitor on request of the Data Controller will provide information on how to provide a copy
    of the data subjects personal information, including special categories of personal information stored
    using Care Monitor software.
    In the event of a termination of the contract between Care Monitor and the Customer, Care Monitor
    will do the following;
    1. Terminate any backups and provide the latest backup to the customer.
    2. Provide a read-only version of Care Monitor, so that existing data may still be viewed or printed
    by the customer or deleted according to their own data protection policies. Care Monitor will
    not retain any of the customers data stored using Care Monitor relating to the customer’s data
    subjects, and terminate its responsibility as data processor.

    13.0 Protocol for Responding to a suspected or actual personal data breach.
    13.1.1 A personal data breach is a ‘breach of security leading to the accidental or unlawful
    destruction, loss, alteration, unauthorised disclosure of, or access to, personal data
    transmitted, stored or otherwise processed’ (GDPR)
    13.1.2 “Destruction” of personal data is where the data no longer exists, or no longer exists in a form
    that is of any use to the controller (Article 29 Data Protection Working Party, 2018)
    13.1.3 “Damage” is where personal data has been altered, corrupted, or is no longer complete (Article
    29 Data Protection Working Party, 2018)
    13.1.4 “Loss” of personal data, is interpreted as the data may still exist, but the controller has lost
    control or access to it, or no longer has it in its possession (Article 29 Data Protection Working
    Party, 2018)
    13.1.5 Unauthorised or unlawful processing may include disclosure of personal data to (or access
    by) recipients who are not authorised to receive (or access) the data, or any other form of
    processing which violates the GDPR (Article 29 Data Protection Working Party, 2018)
    13.1.6 Breaches can be categorised as:
    1. “Confidentiality breach” - where there is an unauthorised or accidental disclosure of, or access
    to, personal data.
    2. “Integrity breach” - where there is an unauthorised or accidental alteration of personal data.
    3. “Availability breach” - where there is an accidental or unauthorised loss of access to, or
    destruction of, personal data. A breach will always be regarded as an availability breach when there
    has been a permanent loss of, or destruction of, personal data.
    13.1.7 Depending on the circumstances, a breach can concern confidentiality, integrity and
    availability of personal data at the same time, as well as any combination of these.
    13.1.8 A security incident resulting in personal data being made unavailable for a period of time is
    also a type of breach, as the lack of access to the data can have a significant impact on the
    rights and freedoms of natural persons. A breach involving the temporary loss of availability
    should be documented in accordance with Article 33(5).
    13.1.9 Where personal data is unavailable due to planned system maintenance being carried
    out this is not a ‘breach of security’ as defined in Article 4(12)
    (Article 29 Data Protection Working Party, 2018)

    13.1.10 Under Article 33 of the GDPR, when the centre becomes aware of a personal data
    breach, it must report the breach to the Data Protection Commission without undue delay and
    not later than 72 hours after having become aware of it, unless the personal data breach is
    unlikely to result in a risk to the rights and freedoms of individuals. Where the centre does not
    notify the Data protection Commission within 72 hours, the late notification must be
    accompanied by a written explanation of the delay.
    13.2 Procedure for Responding to an actual or suspected breach of personal data.
    13.2.1 All Care Monitor Personnel or Nursing Matters & Associates personnel acting on behalf of
    Care Monitor, must report any suspected or actual personal data breaches to Ms. Eithne Ni
    Dhomhnaill or his/her deputy immediately.
    13.2.2 Third parties providing backup must report suspected or actual data breaches to Mr. Brian O’
    Neill.
    13.2.3 When either Mr. O Neill or Ms. Ni Dhomhnaill are informed of a suspected or actual data
    breach, both will carry out an initial internal investigation to establish whether or not a data
    breach has occurred.
    13.2.4 If the investigation determines that in fact a personal data breach has occurred involving
    residents or staff of a Customer, the Customer will be informed immediately.
    13.2.5 If the investigation determines that in fact a personal data breach has occurred and is
    assessed as resulting in risks to the data subjects, Ms. Ni Dhomhnaill will complete a first
    notification to the Data Protection Commissioner no later than 24 hours after detection of the
    breach. If all the necessary information is not available at the time of the first notification, a
    second notification must be made within 3 days of the first notification.
    13.2.6 Where it is determined that the data breach has occurred it is likely to result in a risk to the
    rights and freedoms of data subjects, Ms. Ni Dhomhnaill and Mr. O’ Neill will identify and
    implement action(s) needed to address the breach.

    14.0 References.
    1. Article 29 Working Group, (2017) , Guidelines on Data Protection Officers (‘DPOs’) accessed
    13/04/2018 at http://ec.europa.eu/information_society/newsroom/image/document/2016-
    51/wp243_en_40855.pdf
    2. Article 29 Working Group, (2018) Guidelines on Personal data breach notification under
    Regulation 2016/679 accessed 01/05/2018 at
    https://iapp.org/media/pdf/resource_center/WP29-Breach-notification_02-2018.pdf
    3. European Parliament and the Council of the European Union, 2016 General data Protection
    Regulation.
    4. Government of Ireland, Data Protection Bill 2018.
    5. Health Services Executive, DATA PROTECTION AND FREEDOM OF INFORMATION
    LEGISLATION Guidance for Health Service Staff accessed 01/05/2018
    https://www.hse.ie/eng/services/list/3/acutehospitals/hospitals/ulh/staff/resources/pppgs/dp/
    dp.html
    6. Health Services Executive, Data Breach Management Policy accessed 01/05/2018
    https://www.hse.ie/eng/services/list/3/acutehospitals/hospitals/ulh/staff/resources/pppgs/dp/
    dp.html
    7. Nursing and Midwifery Board of Ireland, 2015 Recording Clinical Practice, guidance to
    Nurses and Midwifes
    8. Nursing and Midwifery Board of Ireland, 2014 Code of Professional Conduct and Ethics for
    Nurses and Midwifes
    9. Data Protection Commissioner, (2017) Preparing Your Organisation for the General Data
    Protection Regulation.
    10. Data Protection Commissioner, (2018) Rights of Individuals under the General data
    protection Regulation.
    11. Irish College of General Practitioners, Data Protection Working Group (2018) Processing of
    Patient Personal Data: A Guideline for General Practitioners
    12. Health Act 2007 (Care And Welfare Of Residents In Designated Centres For Older People)
    Regulations 2013
    13. Health Services Executive (2012) Standards and Recommended Practices for Healthcare
    Records Management.
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    SAVE & ACCEPT