NHS PROJECT 3

Project Goal(s)

Data Protection Officer as a Service

Privacy by Design Implementation

Information Governance Implementation

Audit

Contribution

– Provision of all the DPO obligations stated in GDPR for the GP practices

– Implement the Data Protection requirements for the practices on an ongoing basis

– Achieve ‘Standards met’ for all the WF practices, Specialist Primary Care organisations for the DSP toolkit and file the same annually

– Train all the Practices, Care Homes, Specialist Primary Care organisations on DPA and GDPR 2018 and associated areas including Information Governance and Security

– Data Privacy Impact Assessments

– Privacy and Security by Design and Default support for all the GP Practices

– Regular assessments, readiness audit and compliance monitoring

– Ongoing guidance on day-to-day compliance queries with same day responses in most cases

– Data share agreements/guidance

– Handle regulatory escalations/complaints etc., with the ICO/Regulators

– Data breach management/reporting 24×7 cover

– Escalation point for the data subjects

– Freedom of Information guidance for FOI requests as and when they are receivedSitting for Data Protection and Information Governance in CQC audits

– One point contact for regulators, practice staff, patient escalations, CQC auditors (for the specified areas), NHS digital

– Other initiatives such as National Data Opt-out and Research.

Technologies/Framework for data/management/delivery

To complete

Outcome

Achieved “Standards Met” compliance level from scratch for all the GP clients with Data Security and Protection Toolkit

Data Protection audits for CQC – no findings

Input the learnings into the next iteration of NHS England DSP toolkit

View other portfolios: