Last updated: 8th November 2021
The Data Protection Act 2018 replaces the 1998 Act and came into force on the 22nd May 2018. The Data Protection Act 2018 is the UK's implementation of the General Data Protection Regulation (GDPR), which broadly mirrors the EU GDPR.
medDigital, the company behind medCrowd, is registered with the UK Information Commissioner's Office as a data controller with registration Z1263667.
The Data Protection Act controls how medCrowd uses personal information. We must follow strict rules known as the 'data protection principles'.
The following tables list the requirements of the legislation. Rows are colour coded to indicate our compliance as of the date at the top of this document.
Compliant. |
Not compliant. Solution identified and scheduled for implementation. |
Not compliant. |
Principle/Chapter | Description | Implementation |
---|---|---|
(a) - lawfulness, fairness and transparency | Personal data shall be processed lawfully, fairly and in a transparent manner. | medCrowd satisfies this principle by: |
(b) - purpose limitation | Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. | medCrowd satisfies this principle by: |
(c) - data minimisation | Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. | medCrowd satisfies this principle by: |
(d) - accuracy | Personal data shall be accurate and, where necessary, kept up to date. | medCrowd satisfies this principle by: |
(e) - storage limitation | Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. | medCrowd satisfies this principle by: 1 A medCrowd user who deletes their account can no longer be identified on medCrowd. However, their personal data will still be available to auditors for six years to comply with healthcare legislation (e.g. HIPAA). |
(f) - integrity and confidentiality | Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, or destruction of, or damage to, personal data. | medCrowd satisfies this principle by: |
Chapter III: Rights | Personal data shall be processed in accordance with the rights of data subjects under this Act. | medCrowd satisfies this principle by providing medCrowd users with a comprehensive Privacy Policy which details the rights, by providing tools within the medCrowd platform for users to exercise those rights and, where this isn't possible, by providing a contact point within our organisation for those rights to be respected and actioned. |
Chapter V: Transfers | Personal data shall not be transferred to a country or territory unless that country or territory has an adequacy decision from the European Commission or the United Kingdom or appropriate safeguards are in place. | medCrowd satisfies this principle by: |
Accountability | The accountability principle requires us to take responsibility for what we do with personal data and to show how we comply with the other principles. | medCrowd satisfies this principle by: |