
Information Governance NHS Summit 2018: Ensuring Compliance with GDPR in Health and Social Care

GDPR: Ensuring Compliance in Health & Social Care
Dawn Monaghan, Chair, Health and Social Care Working Group on GDPR, Head of Data Sharing and Privacy, NHS England

Dawn began her presentation by asking: ‘How are we all feeling post 25 May – exhausted? Work is only just beginning… Is it panic over?’

‘Significant changes to the way we need to operate, it’s not obligations that change, it’s the way we work. We must embed IG within organisations, otherwise you can’t demonstrate you’re compliant’

What’s important now?

  • Demonstrating compliance
  • Enhanced transparency is key; you need to demonstrate you’re being clear with people. Everything needs to be consistent. Constant communication to clients / customers
  • Increased rights – rights depend on what conditions of processing you are using as an organisation

There are 6 items of guidance specifically for health and care, including consent. Dawn urged delegates to look at the ‘what’s new’ document.

Future challenges – we need to make sure why we are getting consent ‘diamond of delight’
Full power point presentation

Monitoring compliance with GDPR in practice
Deepak Jagpal, Information Governance Manager, Royal National Orthopaedic Hospital (RNOH) NHS Trust
Pre-event abstract
Assessing and monitoring compliance
When assessing and monitoring compliance for GDPR there are a number of key areas to consider: monitoring organisational policies; staff awareness; provisions for future training; data protection impact assessments and the monitoring of their performance; SAR response times; breach notifications.
The challenges and quick wins: learning from our gap analysis
The quick wins for the Trust were achieved while working with internal stakeholders, ensuring compliance with GDPR. This was completed in conjunction with the Trust submission of the ‘Information Governance Toolkit’ version 14.1 (2017-2018). Internal processes and organisational policies were put in place in March 2018.
The challenges for the Trust were establishing the appropriate level of awareness for staff, patients, children and visitors, and ensuring the language was simple and personal to all individuals.
Following the gap analysis, action plans were quickly developed for business areas to work towards. The gap analysis also highlighted the gaps in documentation to support individual rights.
Increasing awareness across the organisation
Awareness across the organisation consisted of universal pop-up banners; employee, patient and child-friendly leaflets; face-to-face awareness sessions for staff; privacy notice booklets for employees & temporary workers; privacy notice booklets for patients; a privacy notice leaflet for children; publication of privacy notices on the internet & intranet; and communication to all employees.
All employees received, attached to their May 2018 payslips, a letter from the Trust CEO, privacy notice booklets for employees & temporary workers, and GDPR awareness leaflets.

In his presentation Deepak commented:

‘Huge lot of policies for IG, monitoring for compliance, what are exceptions to the rule’

‘Challenges for us included establishing the appropriate level of awareness for staff, patients, children and visitors and ensuring language was simple and personal to all individuals.’

‘The gap analysis provided high level detail for the Trust. We learnt that documentation required producing and amending to support rights of individual, action plans for departments to support the transition and involving stakeholders of the associated risk.’

Full power point presentation
The Mandatory Data Privacy Officer and you – what next?
Giles Watkins, CEO, Pridium
Pre-event abstract
The potential mandatory requirement to appoint a Data Protection Officer under the GDPR is causing plenty of consternation and concern amongst public authorities and companies servicing the public sector alike. In this session we will discuss when such an appointment is in fact mandatory, as well as discussing the requirements of the role both as listed in the text of the GDPR and what this is likely to mean in practice. The session will allow plenty of time for questions and debate amongst participants, with sharing of practical approaches being adopted.
Full power point presentation


8 June 2018

