Skip navigation

News and Updates for todays Information Governance NHS Summit 2019

Martin Staples, NHS EnglandMartin Staples, NHS England

GDPR: Ensuring Compliance in Health & Social Care
Martin Staples,
Data Sharing and Privacy Specialist, Information and Transparency Group, NHS England
Pre-event abstract
Recent changes in the law have led to a number of Health and Social Care Organisations questioning how they use personal and confidential data, especially given the increase in the sanctioning regime. This session is aimed at guiding Organisations into complying with the Data Protection Act 2018, and how to use data safely to achieve the outcomes they plan for.

Martin said key GDPR considerations for Caldicott Guardians and Information Governance Leads are; purpose; legal basis; impact assessments; consent. Consent must be specific, informed, unambiguous, and freely given. Challenges include; privacy notice; mindset;reliance on consent; privacy by Design and Default; ensuring correct legal basis to process. 
Full PowerPoint Presentation

Multiagency Information Sharing and GDPR
Iain Harrison,
Information Governance Manager, Leicester City Council
Pre-event abstract
We have a new Data Protection Act! Same as the old Data Protection Act (mostly).
The legislation does nevertheless present challenges to Health and Social Care. On one hand we have enhanced exemptions and conditions for processing. On the other hand, we have enhanced Data Subject rights.
Along with this, there is more impetus to share with others to provide joined-up services and this raises questions regarding how we manage the process and challenges we face in making our sharing lawful and appropriate.
What this all means, what to look at and how to achieve compliance will be looked at in this stroll through information sharing and what it will mean to you (and your clients).
Full PowerPoint Presentation

Data flow mapping & ensuring there is a lawful basis for processing personal data
Sadie Bell,
Data Protection Officer and Head of Information Governance & Security, Solent NHS Trust
Pre-event abstract
Monitoring, tracking and more importantly regularly reviewing data flows is extremely important for any organisation, so that they can assess what information is going where, is it secure and are there any risks. This closely links to the processing of personal and sensitive data, as your flows will in most cases identify what data you are processing. These data flows can then be used as your baseline for assessing data processing and identifying your legal basis. The method you take to undertake these tasks is therefore very important. This presentation explores the questions that should be asked and proposed approaches to undertake this task, such as;

  • How will we ensure we capture everything?
  • How do we tackle such a challenge?
  • We did this for GDPR, so we are compliant now…
  • What has changed?
  • Who should identify this?
  • Are you processing sensitive data?
  • How to make this Privacy by Design

It will also discuss and tackle some of the common issues around consent;

  • Is it needed???
  • Misconception
  • Common Law Duty of Confidentiality
  • The difference between consent and informing…. Changing the language

In addition this presentation will explore the transparency of sharing your data flows and legal basis for data processing. Ensuring patients and staff understand what GDPR means for them; using Solent NHS Trust’s Privacy Notice “Your Information Your Rights”, located at
Full PowerPoint Presentation

Also of Interest

Caldicott Guardian Training Course
Friday 15 March 2019, London

The Caldicott Guardian 2019: Ethical Decision Making & The Duty of Candour
Monday 18 March 2019, London

Caldicott Guardian Training Course
Friday 5 April 2019, London

Caldicott Guardian Training Course
Monday 29 April 2019 York

Caldicott Principles & Information Sharing Under GDPR
Tuesday 30 April 2019, York


21 January 2019


    Partner Organisations

    The Tavistock and Portman NHS Foundation TrustInPracticeClinical Audit Support CentrePlayoutJust For Nurses
    GGI (Good Governance Institute) accredited conferences CPD Member BADS (British Association of Day Surgery) accredited conferences