NHS Digital releases GDPR guidance for health and social care

NHS Digital today released guidance aimed at helping health and social care organisations achieve compliance with the General Data Protection Regulation (GDPR) by the 25 May deadline.

The guidance highlights the changes that the GDPR will introduce compared with the current data protection requirements in health and social care, and provides a checklist that healthcare providers and their supply chain can use to demonstrate compliance with the Regulation.

Headline impacts

  • New accountability requirements mean organisations must demonstrate compliance with the Regulation. Healthcare providers will be required to keep records of all data processing activities.
  • Public authorities, as well as any organisation that processes large amounts of sensitive data, will be required to appoint a data protection officer (DPO).
  • Data protection impact assessments (DPIAs) will be required for high-risk data processing.
  • In most cases, organisations will not be able to charge for subject access requests (SARs).
  • Organisations will need to report data breaches that are likely to result in a risk to data subjects to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of them.
  • The maximum penalty for non-compliance with the GDPR is significantly greater than the maximum fine the ICO can currently impose under the Data Protection Act (DPA).

Further guidance on how to comply with the GDPR is available on our information page.

GDPR training courses

Certified EU GDPR Foundation Training Course

This one-day Foundation-level course provides a comprehensive introduction to the GDPR and an overview of the implications and legal requirements for organisations, including responding to individuals exercising their data rights, DPIAs and data breach reporting.

Book your place now >>

Certified EU GDPR Practitioner Training Course

This four-day Advanced-level course builds on the GDPR Foundation qualification to equip participants with the knowledge and operational skills to build, implement and manage a compliance programme under the GDPR, and to successfully fulfil the DPO role.

Please note that you must attend the Certified EU GDPR Foundation course and pass the Certified EU GDPR Foundation examination before you can attend the Practitioner course.

Book your place now >>

Save 15% when you book the Foundation and Practitioner courses together.

Don’t miss our live GDPR Q&A on Valentine’s Day (Wednesday 14 February 2018) at 3:00 pm. IT Governance’s founder and GDPR expert, Alan Calder, will be answering your GDPR-related queries via Twitter. Join the discussion and tweet your thoughts using the hashtag #GDPRJoinTheDiscussion.

More information on the range of services we offer health and social care organisations is available on our website.