Data protection in practice

Data protection issues are rarely far from the news. As the recent attack on Royal Mail, in January this year illustrated, not only are they publicly embarrassing, they can be commercially disastrous both for an attacked organisation and its customers.

For the optical profession, the matter has not all been plain sailing.

In December 2015, the General Optical Council (GOC) had to issue a public apology to registrants after it made a mistake when processing their personal data. In essence, the GOC had allowed the purchase of electronic copies of registrant information not with practice information, but instead, home addresses. Registrants were subsequently contacted at home by third-party firms. The GOC was lucky not to be fined.

Of course, practices use data for a number of reasons: to market themselves, hold patient data, to comply with obligations or monitor staff. However, the law places restrictions on activities.


As James Davies, an employment law solicitor at Cater Leydon Millard, comments, UK law is based on several different sources: the UK’s General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), which grants specific privacy rights concerning electronic communications.

Register now to continue reading

Thank you for visiting Optician Online. Register now to access up to 10 news and opinion articles a month.


Already have an account? Sign in here