GDPR – What you should know…

Technology enables us to do many things today that we could only dream of years ago: think digital tv and radio; the internet of things (like your fridge which apparently has the capacity now to order items that you are running low on); watches that can tell you the news, and the time of course; video recorders and YouTube; and of course telemedicine.

The latter has been around for 60 years or more in various guises – largely oriented to human health, both in terms of diagnostics and communications within the medical profession and more recently between doctors and their patients. It has also been practised a lot in veterinary medicine through the use of the telephone which is hardly new but has helped enormously in the provision of veterinary care to our patients.

Obviously, there has been a huge focus on security of patient information just consider the implications of genomics and insurance companies – the latter would die for access to this information.

With the advent of veterinary telemedicine a whole raft of “business to client” sales teams are making productive use of the data we generate on a daily basis, and collected by us for the giants, and not so big companies whose services we think are free but which are harvesting our data like piranhas. Remember that old saying –  ‘there is no such thing as a free lunch’ – never was a truer word spoken.

The problem for businesses that want to use the new wave of technologies is that we now also have much more stringent laws governing the use and transfer of personal data, and rightly so.

The unfortunate consequence of these laws is the unwary can quickly become embroiled in a legal issue with a client who is unhappy that their data has been mis-used in some way – sometimes with some hefty fines following on behind or at least some bad publicity.

Avoiding these issues behoves all of us to become more aware of technology, its opportunities and its repercussions.

In particular we have GDPR laws that are strong throughout Europe and the UK (post brexit) and beyond. 

So what is the smaller business to do in terms of making sure they are compliant when it comes to Telemedicine. Here are some tips that you ignore at your peril:

Check the information you receive from these potential partners – if it is less than perfect then question their suitability as a technology partner for your business.

We are grateful to Jack Peploe for his expertise and advice in the following section:

  • In most cases vets that use apps such as WhatsApp do so through their staff members’ personal Whatsapp accounts. This alone is a big “no no” for a number of reasons, these include:
  • Most vets will not have the necessary security measures in place e.g. MDM (mobile device management) to control the data which is shared onto personal devices. This poses a risk should that device get lost or stolen, or even if that staff member was to leave. The “Data controller”  is responsible for controlling data and by sharing clients’s contact details (which is needed to contact a client via WhatsApp) via someone’s personal device, immediately breaks this responsibility.
  • This is a double edged sword though as it is not just about the clients’ data. By the vet contacting the client using their personal device they are immediately sharing their personal information which is not a good practice. It would be an extreme case but what if the client made the vet uncomfortable they have no easy way to block that client as that client has their personal details. At the very least that vet runs the risk of being contacted directly by the client at whatever time and day suits the client, instead of through the practice.
  • Even if this was a business device, by not having MDM in place you are not ring-fencing your data, again putting it at risk should that device become lost or stolen.
  • Now let’s consider the relationship WhatsApp has with Facebook. As we are all aware nothing in life is free. You get use of this great messaging service for a cost…your data. Yes the data is encrypted on your device and is encrypted in transit (when you are sending a message). That is just to stop “external threat actors” (the bad guys) from getting access to your data. However Facebook owns WhatsApp and within the privacy policy they make it clear that they will share data with the “Facebook family of companies”. Why can this work against a vet:
  • If I (a vet) am consulting you (a client) via WhatsApp, from our conversation, Facebook will be able to identify that you are receiving veterinary advice. If a competing vet was to be switched on about this they could use Facebook Ads to target people that have shown interest in veterinary services. So Facebook are not sharing my personal details, but they are enabling a competitor to target that individual anonymously.

Before we use a tool we need to be aware of how and why the provider will be making it available. We need to be aware that Facebook as a group’s revenue is significantly related  to it being a “data miner”.

Zoom also  needs to be thought about. As you may have been aware they have not had a good track record having recently fallen victim to a breach resulting in 500,000 records being stolen from their service! They will not share your details on purpose, or at least it does not state that they do in their privacy policy, but their security has to be seen as questionable. One of the key reasons that Zoom is still popular is because its platform is easy to use and is a life saver in the COVID constrained environment we are in. The latest release of their platform has resolved a number of concerns which is good to know. For more of Jack’s insider views  please see:

In the end you can do whatever suits you best but as always – buyer beware!

Powered by BetterDocs

Leave a Reply

Your email address will not be published. Required fields are marked *