Colleagues will be working with their local teams on each individual NHS body’s response to the European Union General Data Protection Regulation (GDPR) and the new UK Bill ahead of the new Regulation coming into force on 25th May. These measures will have wide implications for any organisation that handles personal data, including the NHS which handles a considerable amount of highly sensitive data.
It also gives individuals additional rights to choose how their information is used so we may want to ensure we understand how our information is currently being used and what measures we may wish to take to safeguard it.
There is a range of guidance to help the NHS:
Click here to access the Information Commissioner’s Office’s website: this includes a range of information including two very useful guides. One sets out the 12 Steps to Take Now, and the other includes a checklist covering issues such as: carrying out a data audit; carrying out a risk assessment; reviewing security; creating an action plan; on-going monitoring; on-going training and awareness, and looking at the culture of the organisation with regard to the management of personal data.
The Information Governance Alliance (IGA) website includes a range of information. The IGA was created to enable the Department of Health and Social Care, NHS England and NHS Digital to meet their statutory responsibility for producing advice and guidance relating to information governance in health and care. It aims to be a single authoritative source of advice and guidance about the rules on using and sharing information in health and care. For more information on the IGA, click here.
For information about GDPR, click here.
For the CEO Briefing Note: Changes to Data Protection legislation: why this matters TO YOU, click here.
Clearly the changes will affect the way the NHS as an employer operates, given the nature of key tasks such as around employment checks and recruitment processes. NHS Employers has produced a fact sheet – click here for more information from NHS Employers.