Blog

DSPT Support Page – No. 13

Introduction: Working with Practice Managers, NWL Primary Care Teams, the NWL IG team and the DPO, this page and the documents in it have been put together to help you complete the Data Security and Protection Toolkit (DSPT) by the 31st March 2019. To avoid a plethora of DSPT support pages we plan to present …

DSPT Introduction – No. 12

Introduction: This is a follow-on from the GDPR blog which will look at the Data Security and Protection Toolkit, which all GP practices need to submit by the 31st March 2019. The DSPT is a sequel to the IG Toolkit and whilst many parts are similar, there are also new sections and the sum total is …

Summary Blog – No. 11

Introduction: The past 10 weeks have seen us work through the core aspects of good information governance, which will allow you to demonstrate that your GP practice is compliant with GDPR and the new Data Protection Act 2018. We have stressed that this is not a one-off exercise but a process which needs to be kept …

Layered Fair Processing – No. 10

Introduction: Being transparent with individuals about how their personal data is used is a key aspect of privacy and confidentiality law. GDPR introduced transparency as a new requirement into the first data protection principle; it states that processing must be ‘fair, lawful and transparent’. Information communicated to individuals should be provided in a layered approach, …

Right of Access – No. 9

Introduction: Obtaining access to their own information is one of the most exercised rights afforded to data subjects. Those rights have changed under the new data protection legislation, making it easier for them to access their medical records. Controllers can no longer charge for providing data subjects with their personal data and have to respond …

Managing Risk – No. 8

Introduction and comments: Information is valuable to primary care and the NHS as a whole as it allows us to treat and protect patients, as well as to design and provide them with the best possible services. It is important for practices to understand what information they hold, why they hold it and what safeguards …

GDPR Accountability – No. 7

Introduction and comments: We made a change to our schedule this week, and instead of fair processing we have looked at the levels of accountability which we are required to demonstrate following GDPR: Practice accountability – the technical and organisational measures that need to be in place in order for us to be able to …

Record of Processing – No. 6

Introduction and comments: This week we looked at ‘record of processing’ which is a new requirement under the latest data privacy legislation. We also looked at the production of a Policy Document for the special categories of personal data (Data Protection Act 2018). In case anyone is wondering where the timetable posting in “What, When …

The ISA and DPA – No. 5

Introduction and comments: This week we looked at Information Sharing Agreements (ISAs) and Data Processing Agreements (DPAs). A note first on definitions and terminology. Whilst information is often considered processed data, in this context they mean the same thing: so, an ISA might also be referred to as a Data Sharing Agreement (DSA) or a Data …

Individual Rights & SARs – No. 4

Intro and comments: This week we looked at the individual rights of data subjects, which GPs as data controllers must now be able to provide under GDPR. They are detailed below. Discussing these new rights in practice meetings can be a good way of helping your team to understand and meet them. We have now reviewed …

The “DPIA” – No. 3

Intro and comments: In order to meet the latest privacy legislation, we need to consider data risks early in the design stage of any project. This week we will be looking at the Data Protection Impact Assessment (DPIA) which is a tool which allows us to do this and which supports ‘privacy by design’. A …

Data Mapping – No. 2

Intro and comments: We have met with the team who will be taking us through the process of becoming GDPR compliant and have made some plans. This week we are sharing those plans and giving you a chance to think about who in your practice will be needed, for how much time and over what duration. …

Inaugural Blog – No. 1

GDPR compliance for NWL GPs (TPP): Welcome to this inaugural blog which is going to follow the process of taking our GP practice through to GDPR compliance. There has been some understandable anxiety around the concept of a deadline on the 25th May, but most practices nationwide will not be compliant by then. Rather than …

What, When and How

The Purpose: This blog will document the process of two Hammersmith GP practices who are being taken through the tasks required to become GDPR compliant. Timetable: Below is the planned schedule. It may be updated depending on how we progress. Format of blog: To help usability each weekly blog will follow a standard …
