Under GDPR, you’re going to have to ask for consent to send out marketing emails, but what about reminder notifications?
In most cases, you’re not going to need consent for reminders. Here’s why and how you can set your Juvonno account up as a health care provider:
What are reminders under GDPR?
The International Commissioner’s Office expresses something we’d really like all Juvonno users to have a look at. When processing data under GDPR:
Care providers…will likely have a very good reason for processing much of the personal data they hold for the purposes of providing medical care.
Reminder notifications fall under “very good reason for processing.” You have a legitimate business reason to send reminder notifications because it helps you deliver and manage the health services you provide:
Reminder notifications are covered under your health clinic’s “Legal Basis for Processing Data” (many health clinics will be naming GDPR Article 9(2)h as their legal basis. Read more here: GDPR Consent Language.
Reminder notifications are also part of your clinic’s Legitimate Interests - it is common practice for people to rely on reminder notifications to actually show up for health care service appointments. People won’t be surprised that a health clinic offers reminder emails.
The processing of personal data in the form of a reminder notification for health care services has minimal privacy impact as defined under GDPR.
There are two things to do to make sure you are following GDPR when sending out reminder notifications.
1) First and foremost, your clinic needs to document the Lawful Basis upon which you are collecting and processing personal and health data. GDPR does not provide a standard on how to document your Lawful Basis so this could be in the form of a binder where you keep all of your policies and privacy information or it could be an electronic document or folder. The key is to ensure that what you record is sufficient to demonstrate that a lawful basis applies and the way you record it is accessible should you ever need to prove compliance with GDPR.
2) GDPR also requires that you notify your patients of your data collection and use practices. What data do you collect? To what use do you put it? (Here you might explain that you collect email addresses in order to provide appointment reminder notifications). How long are you required by your regulating body to keep that data? Etc.
Have a look here for more info on how to inform your patients: Right to Be Informed
How to set up Appointment Notifications Juvonno
Visit this article for a brief tutorial on how to enable booking and other notifications.
Note: This article summarizes consent for GDPR and not meant as legal advice.