Published 8 February 2018
The NHS handles a large amount of personal data on a daily basis. The definition of personal data goes well beyond confidential and sensitive information, which means that you are likely to collect personal data while managing the NHS property portfolio. For example, you may gather and store information about tenants, landlords, employees and agents as part of your normal operations. This might be collected as part of a manual process or be entirely automated. Obvious examples of personal data include names, addresses (email and physical), telephone numbers, dates of birth and bank details for regular payments such as rent.
Current data protection law already imposes obligations on how organisations must manage this data and includes significant sanctions for non-compliance. However, the law will be significantly strengthened on 25 May 2018 when the EU General Data Protection Regulation comes into effect. Despite the name it will continue to apply following Brexit and will:
The new regime imposes:
Public sector organisations are not exempt from these requirements and may therefore be sanctioned for breach. You should review the extent to which you need to prepare for the new regime (including developing or updating a suitable response plan to deal with any data breach).
DAC Beachcroft’s cyber and data risk team can be contacted to assist now or in the event of a cyber incident or data breach on 0800 302 9215 or DataRisk@dacbeachcroft.com.