GDPR

The General Data Protection Regulation (GDPR) is essentially a new Data Protection framework that applies across the EU from 25 May 2018.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

Under the General Data Protection Regulation (EU) 2016/679, NOCA is a “Controller” in respect to personal data that you provide to us. For information on GDPR, you can visit the Data Protection Commissioner website here

Under GDPR, ‘personal data’ means any information relating to an identifiable person (called a data subject) who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

We classify the personal data we hold in two ways: Audit data and Communication data
Audit Personal data – for the majority of our audits we use anonymised or pseudonymised data which means the only personal data will hold is the reference to the identifier. The link back to your identifier is held within the hospitals so we cannot identify you directly from within NOCA. The only exception to this is the Irish National Orthopaedic Register, in which we hold MRN, INOR ID, name, address, contact number and other health information.
For our Communication data, we have a number of NOCA Mailing lists which are used for the following:

• To communicate with our audit teams in each hospital (you will be required to remain on this list, while assigned to work on that specific audit. If your role changes you will be removed from this list)
  
• To keep you informed about our National Clinical Audits
  
• To send you information such as events, publications and areas of professional interest relating to clinical audit
  
• To send you our NOCA newsletter
  
• To gain your feedback in surveys we issue from time to time
  

Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.
Information shared between your browser and our site is encrypted and secured using Secure Socket Layer (SSL/HTTPS) technologies, which creates a secure and encrypted medium of data transfer between your browser and our servers and adds a layer of security to prevent malicious attackers obtaining your personal data.
We also employ standard industry operating procedures and internal policies to ensure that your data remains secure, and continually monitor and improve the security of all hosting and storage infrastructure we use to store data.
Personal data provided for our mailing lists are held securely on servers and accessed from encrypted devices used by the NOCA Executive Team.

We will retain your information for as long as necessary to provide you with services, and to comply with our legal and regulatory obligations. We update our communication lists regularly and you can unsubscribe at any time.
In relation to audit data, we hold for the lifetime of the audit or until consent is withdrawn.
Our Data retention policy outlines the length of time we hold the data types for. We are committed to protecting your personal data to the very best of our ability and take the appropriate steps to do in collecting, storing and destroying your data.

You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:

• Right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
  
• Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
  
• Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
  
• Right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
  
• Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
  

Yes you can. Under the General Data Protection Regulation (GDPR) (EU) 2016/679, you have certain rights to obtain a copy of the data held about you. Any such requests should be made in writing to the Information Manager, NOCA.

Please contact our Data Protection Officer by email at: auditinfo@noca.ie
Or write to us and mark the letter
FAO: Data Protection Officer

Under the regulations data controllers have 30 days to provide the data.