ICO Requests Compulsory Audit Powers of NHS Organisations

Last week the Information Commissioner’s Office submitted a request to extend its powers in carrying out compulsory assessments of NHS bodies and their compliance with the Data Protection Act 1998.

View the request in full here


Currently the ICO has the power to serve an assessment notice to an NHS organisation, whereby the organisations level of compliance will then be assessed. In reality this usually only happens after a data breach.

The ICO is now pushing for powers to conduct audits of NHS organisations as and when it sees fit. The intention of this is to ensure DPA compliance and avoid data breaches long before they occur.

The ICO sees compulsory audits as a way of reversing the current trend of being reactive and instead take a proactive approach. In addition the NHS stores and transmits huge amounts of personal data, which in honesty, really should be protected and handled in compliance with the DPA.

In the not too distant future, the Information Commissioner could be turning up at your doorstep. Are you going to be compliant when he does?

The easiest and most cost-effective way to ensure compliance is the DPA Compliance Toolkit. Providing time saving tools and documents this toolkit has helped hundreds of organisations achieve DPA compliance. Learn more about the Data Compliance Toolkit