Stichting HIV Monitoring and privacy

Privacy at Stichting HIV Monitoring

It goes without saying that privacy has always been a top priority for Stichting HIV Monitoring. In preparation for the new EU GDPR that came into effect on 25 May 2018, we have taken a number of additional measures to ensure that we meet all the requirements set by this new regulation and to further raise awareness among our staff and collaborators.

The EU GDPR sets out the requirements for processing personal information. Personal information refers to all data that can be traced back to individuals (patients, staff, interns, students, visitors and business partners), and processing means anything that can be done to personal information, including receiving, storing, viewing, sharing, keeping, or destroying it.

SHM data protection officer

To ensure that our organisation and staff meet the GDPR requirements, we appointed a data protection officer (DPO). The DPO is responsible for disseminating information and advice across the organisation about the GDPR and other relevant privacy laws, and for ensuring that the information and advice is followed up and acted upon.

SHM’s privacy policy         
We have updated our privacy policy, ensuring that the GDPR requirements are covered in our work processes. Almost all our processes are now GDPR compliant, with just a few, more complex processes awaiting final legal input prior to being finalised.

Internally, our privacy policy includes a number of key documents and protocols, including a privacy document entitled ‘How to deal with privacy-sensitive information’, our staff handbook, a risk management system, data processing contracts with key partners, and a protocol for reporting data privacy incidents and data leaks.

Staff training

In the run-up to the launch of the GDPR, staff have attended regular presentations on the topic of privacy and information has also been distributed in internal newsletters and on our intranet site. More recently, SHM staff have been required to follow an obligatory e-learning module developed by the Academic Medical Centre (AMC) to raise awareness about privacy and information security.

Updated patient information sheet

Our patient information sheet has also undergone a thorough revision to ensure it is up to date and privacy-compliant. The revised patient information sheet will soon be made available to all HIV treatment teams and will include information on how we process personal information, what the rights are of those people whose personal data are being processed and how they can exercise these rights.

Privacy is key to our work and we will continue to review and revise processes to guarantee that our data are optimally protected. During the coming months we will be finalising our privacy policy and related processes. We will also be informing all our partners, including HIV treatment centres, of any GDPR-related changes we may have made and how these may affect our collaborations.

Should you have any questions about our privacy policy, please feel free to contact us