Blog

Right of Access – No. 9

Introduction Obtaining access to their own information is one of the most exercised rights afforded to data subjects. Those rights have changed under the new data protection legislation, making it easier for them to access their medical records.  Controllers can no longer charge for providing data subjects with their personal data and have to respond …

Managing Risk – No. 8

Introduction and comments Information is valuable to primary care and the NHS as a whole as it allows us to treat and protect patients, as well as to design and provide them with the best possible services. It is important for practices to understand what information they hold, why they hold it and what safeguards …

GDPR Accountability – No. 7

Introduction and comments We made a change to our schedule this week, and instead of fair processing we have looked at the levels of accountability which we are required to demonstrate following GDPR: Practice accountability – the technical and organisational measures that need to be in place in order for us to be able to …

Record of Processing – No. 6

Introduction and comments This week we looked at ‘record of processing’ which is a new requirement under the latest data privacy legislation. We also looked at the production of a Policy Document for the special categories of personal data (Data Protection Act 2018). In case anyone is wondering where the timetable posting in “What, When …

The ISA and DPA – No. 5

Introduction and comments This week we looked at Information Sharing Agreements (ISAs) and Data Processing Agreements (DPAs). A note first on definitions and terminology. Whilst information is often considered processed data, in this context they mean the same thing: so, an ISA might also be referred to as a Data Sharing Agreement (DSA) or a Data …

Individual Rights & SARs – No. 4

Intro and comments This week we looked at the individual rights of data subjects, which GPs as data controllers must now be able to provide under GDPR. They are detailed below. Discussing these new rights in practice meetings can be a good way of helping your team to understand and meet them. We have now reviewed …

The “DPIA” – No. 3

Intro and comments In order to meet the latest privacy legislation, we need to consider data risks early in the design stage of any project. This week we will be looking at the Data Protection Impact Assessment (DPIA) which is a tool which allows us to do this and which supports ‘privacy by design’. A …

Data Mapping – No. 2

Intro and comments We have met with the team who will be taking us through the process of becoming GDPR compliant and have made some plans. This week we are sharing those plans and giving you a chance to think about who in your practice will be needed, for how much time and over what duration.  …

Inaugural Blog – No. 1

GDPR compliance for NWL GPs (TPP) Welcome to this inaugural blog which is going to follow the process of taking our GP practice through to GDPR compliance. There has been some understandable anxiety around the concept of a deadline on the 25th May, but most practices nationwide will not be compliant by then. Rather than …

What, When and How

The Purpose This blog will document the process of two Hammersmith GP practices who are being taken through the tasks required to become GDPR compliant. – Timetable Below is the planned schedule. It may be updated depending on how we progress. – Format of blog To help usability each weekly blog will follow a standard …
