There is good reason why GDPR stands for Ghastly, Dumb, Paralysing Regulation. I received an email from Norville today asking me to refrain from using a patient’s name in the reference on orders so that they could continue to protect data when it is with them.
As our order forms do not contain, in addition to the patient’s name, a date of birth, address or any other information that would possibly make the identity of the patient obvious to anyone with or without a genuine interest, I am struggling to see what, if any, problem arises from Norville processing such data.
I am about to order a frame. I am concerned now to divulge the patient’s name so will not give anything away that could possibly link the two to avoid revealing any sensitive data. No doubt when the frame arrives, I will then struggle for days to match the frame with the patient’s lenses on order.
When the patient finally rings to chase their spectacles, I am sure they will be thoroughly delighted with the delay knowing that they may not have their glasses, but at least I have minimised processing their personal data.
David Levy