Protection of personally identifiable information

The General Data Protection Regulation (GDPR) came in to force in May 2018 and has had a significant impact upon the way that personal data is managed. It places legal requirements upon data processors and controllers to manage that information securely, maintain records of the processing that is carried out, and report when breaches of the regulation do occur. This has impacted the way many businesses operate, and is not restricted to the healthcare sector.

The GDPR requirements have been implemented within the context of a mature ISO 27001 Information Security Management System – the globally accepted standard by which information is secured. This ensures that senior management have regular visibility of the threats to the confidentiality, availability and integrity of the information that we process, and are able to steer the efforts of their teams to provide an efficient service that places the confidentiality of our customers and their patients at the heart of everything we do.

In order to support our customers compliance with the regulation and as a part of a wider GDPR compliance project, TDL has updated its standard terms and conditions to include revised data processing clauses, which are mandatory when providing personal data to another organisation.