In preparation for the introduction of the General Data Protection Regulation Act (GDPR, 25 May 2018), the Regional Institution for Protected Housing Kennemerland, Amstelland and Meerlanden (RIBW K/AM) was looking for a single integrated system to comply with the GDPR. With Infoland, they started a pilot. And with success.
If people with mental or psychiatric vulnerability are your clients, that means you have to be extremely careful with their privacy. What information can you share with social workers in the care chain? When do you need the client’s consent or not? What data do you really need to provide appropriate care?
“As an organisation, we want and need to ensure the privacy of our clients,” says policy officer for quality Katrijn Prins. “In practice, we do this as much as possible in consultation with the client. Nevertheless, it is also often searching for the limits of what is or is not allowed. Especially in cooperation with third parties in the care chain. Or if the client is a care avoider and does not give permission. Then we look for other bases for being allowed to process personal data.”
Like many other organisations, RIBW K/AM wanted to get its internal privacy processes in order ahead of the introduction of the GDPR Act. On the initiative of the RIBW Alliance, it commissioned a baseline measurement from which a number of privacy improvement measures emerged. “Here you have to think of measures such as setting up a processing register and establishing better policies in the field of privacy. To this end, we started looking for a system that could ensure compliance with the GDPR. A system with which we could quickly get to work in order to comply with the privacy act by 25 May 2018 or at least show that we were serious about it.”
RIBW K/AM was already working with a number of Zenya modules. The question was therefore whether they could use the existing software to improve the business process in such a way as to make it ‘GDPR-proof’. However, there were no one-size-fits-all answers, so the organisation started a pilot with Infoland. “We were already working with the CHECK, DOC and FLOW modules, including to report incidents and for processing questionnaires. To ensure complete privacy, we additionally tested the RISK module with some add-ons. Our preference was for a system that is not tied to one person, but can be viewed and edited by several. And we wanted to be able to link the different modules in order to get maximum benefit from them.”
Katrijn is satisfied with the outcome of the pilot. As main improvements, she experiences overview, ease of use and grip on processes. “We have purchased all tested add-ons. We now work with Zenya DOC, FLOW and CHECK, supplemented with a few add-ons. That was enough for us to set up one integrated system to comply with the GDPR.
We can quickly switch between the different modules. In case of questions, complaints or possible reviews, we can easily demonstrate that we have got it right. Everything is clear and insightful. Suppose there is a data breach, we can quickly see which application is affected, which parties are involved and who we need to notify. If someone wants to know whether the privacy of a certain process is guaranteed, there is an immediate link to the evidence document.
We also have more control over processes. Tasks are easily assigned to individuals, allowing us to monitor and control the process. That insight makes it possible to make improvements.”
For both parties, the pilot was a search for what was and was not possible. “I think we really pushed the limits of the system and worked with Infoland to find a solution. For us, the system was an impulse to register all things correctly in one go. We now have a good basic system that really suits us and from which we can continue to build.”
Now that the system is in place as it should be, RIBW K/AM can take the next step. Namely, to take the organisation on board and further develop processes. “For example, we are now drafting work instructions, performing a Privacy Impact Analysis for each process description, communicating our policy plan and why privacy and responsible handling of personal data are so important.”
The brochure on Zenya RISK shows how you can better identify and evaluate risks with this smart risk management software.
One learns by doing and that certainly applies to this pilot. Both Infoland and RIBW K/AM learned a lot from it. Katrijn is therefore happy to share some tips.
“As a policy officer, I was closely involved in the project from the beginning. An important advantage of this is that in case of process changes, and thus necessary measures to be taken, I could quickly make the link between technology, regulations and practice. You get the right people in the right place faster, which makes it easier to implement measures. That way, you make targeted strokes in the process which makes it all go more smoothly. My other tip is: think creatively. During the pilot, we constantly asked ourselves: we want this, how can we make it happen? Think in terms of possibilities and, above all, do not be guided by what is or is not possible.”
Contact our experts without obligation. We will be happy to think along with you.