A failure to apply IT safeguards or data protection measures, which are subject to control under applicable regulations, is like disclosing a code to a bank vault – Jim Hurley, Managing Director of IT Policy Compliance Group

Dear Sir / Madam,

Information is the most valuable asset of the Greater Poland Cancer Centre, and the foundation on which it operates. Therefore, it is our top priority to protect that information by designing, implementing and maintaining an information security system, based on the Information Security Policy of the GPCC.

The Policy is based on the national laws, quality standards and guidelines of the supervisory authority in the area of personal data protection.

In the face of the growing value of information being processed, particularly sensitive data on patient health condition, the Policy has been supplemented with the Centre Management Support Declaration to acknowledge the need for implementing an information security system.

The Policy encompasses many aspects which arise from the nature of the activity conducted and the size of an organisational unit. It defines the rules for the management and protection of information that constitutes a secret of the unit concerned or is legally protected, for providing access to information and processing systems for operational purposes, and for critical procedures in case of safety incidents.

In particular, the following documents have been drawn up under GPCC’s Information Security Policy:

  • Personal Data Security Policy
  • Privacy Protection Policy

Personal Data Security Policy

Personal Data Security Policy (PDSP) developed in pursuance of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – RODO and laws relevant to the medical sector, pertains to the overall system of protecting personal data, i.e. protection of both data processed conventionally and those processed through IT systems.

PDSP takes priority over any other internal by-laws and instructions issued in this regard.

The Policy contains detailed guidelines for numerous obligations imposed on the Personal Data Administrator (PDA). One of the most important obligations, apart from the obligation to take particular care in protecting the interests of persons concerned (obligation to protect data), is the information requirement (Article 13 RODO).

To learn more about the information requirement click here.

Privacy Protection Policy

Attaching particular importance to protecting the privacy of all persons, including patients visiting GPCC’s websites, we have put in place the Privacy Protection Policy, which provides a framework for the processing (in particular: collecting, modifying, removing, and sharing) of data about persons visiting GPCC web services.

This information is easily accessible on the GPCC home page and at the bottom of each GPCC web page. GPCC strictly complies with the rules specified in the Policy.

Please read the Privacy Protection Policy carefully before starting to use the service. If you do not accept the terms of the Privacy Protection Policy, you must exit any GPCC service.

This notice relates to all websites and domains controlled by the GPCC, except for specific websites where other privacy protection rules have been published to be applicable instead of the above notice.

Contact for matters related to Personal Data Protection

Dear Sir / Madam,
in matters related to the protection of your data, please contact daneosobowe (at) wco.pl

 

Appendices