All health and social care organisations handling confidential information are required to have a Caldicott Guardian in place by 30th June 2023.

This follows a public consultation by the National Data Guardian (NDG), stating an increased need for Caldicott Guardians across the wider health and social care sector.

The NDG has issued guidance to cover which organisations require a Caldicott Guardian (sometimes mispelled as ‘Caldecott Guardian’), how to appoint them, supporting the role and what will be required of the individual once in situ.

The guidance applies to all public bodies within the health service, adult social care or adult carer support sector in England that handle confidential information about patients or service users.

Under data protection legislation, health and social care sector organisations must:

• use personal information fairly and lawfully;
• collect only the information necessary for a specific purpose(s);
• ensure it is relevant, accurate and up to date;
• only hold as much as you need, and only for as long as it is required;
• allow the subject of the information to see it on request; and
• keep it secure.

Good information handling also makes good business sense. The benefits include:

• enhanced business reputation,
• increased customer and employee confidence,
• save both time and money (by ensuring that personal information is accurate, relevant and safe)
• avoidance of significant monetary penalties or legal proceedings.

BLS has extensive experience in the health and social care sector, working with large NHS trusts, to GP Federations, right through to rural sole-trader holistic services and independent care homes and support facilities.

How can we help?

Training

If your Caldicott Guardian requires training, our expert team run open courses, bookable via our website, specifically for Caldicott Guardians new to the role with additional advanced or refresher training for those who require further sessions.

Data protection training is imperative for any role – if staff are appropriately trained, any organisation is well on the way to compliance with data protection legislation. Training needs will vary according to size and type of organisation and BLS can conduct a training needs analysis on your behalf if required.

Our open courses are available to any member of any organisation. Each course runs online several times throughout the year and may be the answer to your data protection gap.

Alternatively, we can hold a bespoke course to fit you and ensure that all members of staff who have connection to the data you use, store and manage are appropriately trained at a time and place convenient to you. This is often useful for groups of organisations who may find it more beneficial to train their teams together.

See the links below to find out more on our training offerings, or to book an open course online.

• Caldicott Guardian (CG)
• Advanced Caldicott Guardian (CG)
• Senior Information Risk Owner (SIRO)
• Advanced Senior Information Risk Owner (SIRO)
• Data Protection Officer (DPO)
• Subject Access Request and Redaction (SAR)
• Data Protection Impact Assessment (DPIA)
• Information Asset Owner (IAO)
• RIPA
• Safer Recruitment
• Board briefings and senior management training (bespoke only)

Data Security Protection Toolkit (DSPT) audit and assistance

The DSPT is a self-reporting tool that all organisations with access to NHS data must complete. The deadline for the next submission date is the same date as Caldicott Guardians should be in place – 30th June 2023.

At BLS Stay Compliant, we have years of experience in completing the DSPT and can guide your submission, provide a pre-submission audit and check your content follows the required framework.

Find out more about our DSPT guidance

or

Request a DSPT audit.

Data Breach Management

No organisation is immune to a data breach and the consequences – and subsequent workload – can be extensive. BLS Stay Compliant are well versed in handling data breach incidents and can also help ensure measures are put in place to prevent future breaches.

If your organisation has suffered a data breach it is absolutely vital that you do not delay management.

Find out more about our data breach management service.

Subject Access Request Management

Dealing with subject access requests can be a time-consuming and labour intensive task and is also time sensitive under data protection legislation.

BLS Stay Compliant can guide your organisation in responding to a SAR and can aid in setting up adequate practices should you receive one, including how to recognise a valid SAR.

More information on our subject access request offering. 

Audits

The Information Commissioner’s Office (ICO) has the power to – and regularly does – audit any organisation to test data protection compliance. Our experts can conduct a thorough audit of your GDPR compliance and physical security, providing recommendations where necessary.

Find out more about our expert audit options.

Policy writing and reviews

Many organisations are not aware of what policies are required to ensure they are compliant with data protection legislation, or if they are in place, when they were last updated.

Our policy writing and review service offers peace of mind that your policies are not only up to date, but you have a full suite in place for your requirements.

Find out more about policy writing and reviews.

Managed Service

Our expertise, on call, whenever you need it.

Our popular managed service offering is a 360 degree approach to your data protection – covering all of the above and more within a package that suits your budget and other resources.

We can act as your data protection officer, or other data protection related roles as required, or can simply act in the guidance position for any level of staff.

Find out more about our managed service.

If we can offer any assistance with any of information, or other services as required, do get in touch via the form below.