Published 1 May 2018
On 25 May 2018, the new General Data Protection Regulation will come into force. The GDPR builds on the existing data protection regime and places new obligations on NHS organisations.
The implementation date is fast approaching and it is important that you continue to take steps to ensure compliance. Most NHS bodies will be required to update existing documents, such as privacy notices and data protection impact assessments, in order to satisfy their obligations under the GDPR.
One of the key changes we've been advising NHS bodies on is the new requirements regarding the content of data processing agreements. It's important that you update any template contracts and review your existing contracts to ensure GDPR compliance. You may be aware that the Crown Commercial Service (CCS) recently published a Procurement Policy Note ("PPN") in relation to the GDPR. Although the PPN does not directly apply to NHS Trusts and CCGs, it helpfully includes some generic clauses that can be incorporated into contracts that will be in force after 25 May 2018. There is also a draft letter that can be sent to suppliers in order to notify them of changes you intend to make to relevant contracts.
If you have not already started reviewing your contracts, we suggest you start as soon as possible to help ensure that suitable variations can be made to contracts ahead of the implementation deadline. It's likely that you have a significant number of existing contracts in place and so we suggest that you take a risk-based approach to the contract review, for example by identifying the contracts of highest value or those which involve the processing of a large amount of personal data and reviewing them first.
You may also be aware that your obligations in the event of a data breach have changed. One of the changes is that the GDPR now requires mandatory notification to the Information Commissioner without undue delay and, in any event, within 72 hours of becoming aware of the breach. Historically, NHS organisations have recorded breaches through the IG toolkit and voluntarily notified the Information Commissioner, so this is not a huge departure from the current position. However, you should test and update your existing data breach processes to ensure that the 72-hour deadline can be met.
Please download our GDPR Handbook for Health and Social Care and if you need any further advice or guidance in relation to GDPR, please let us know.