From 10 June 2019 EMIS Web started migrating practice patient data storage to Amazon Web Services (AWS). Under the General Data Protection Regulation (GDPR), practices using EMIS Web must inform their patients of this change, carry out a Data Protection Impact Assessment (DPIA), update their record of processing activities (ROPA) and review their privacy notice.
Although the EMIS Web communication on 24 May 2019 suggested there was some flexibility around notifying patients and completing a DPIA, this is not the case.
As “Data Controllers” practices must inform patients by their usual methods of communication if there is a significant change to the way their data is processed. This is in order to meet the transparency requirements under the GDPR otherwise they could be in breach of the GDPR.