How to identify risks and increase organisational compliance with the UK GDPR and UK Data Protection Act.
Care providers are increasingly storing, processing and sharing personal information.
The COVID pandemic has driven a rapid rise in the use of technology – from remote monitoring and increased use of smart phones, to ordering prescriptions and sharing hospital discharge information.
Having access to this kind of accurate, up-to-date information is essential to making good decisions about people’s care, and it can reduce the time staff spend chasing information – leaving them free to deliver direct care.
With this increase in data sharing comes the need to ensure information is stored and shared safely.
Under data protection legislation, care sector organisations must:
- use personal information fairly and lawfully;
- collect only the information necessary for a specific purpose(s);
- ensure it is relevant, accurate and up to date;
- only hold as much as you need, and only for as long as it is required;
- allow the subject of the information to see it on request; and
- keep it secure.
Good information handling also makes good business sense. The benefits include:
- enhanced business reputation,
- increased customer and employee confidence,
- save both time and money (by ensuring that personal information is accurate, relevant and safe)
- avoidance of significant monetary penalties or legal proceedings.
BLS has extensive experience in the health and social care sector, working with large NHS trusts, to GP Federations, right through to rural sole-trader holistic services and independent care homes and support facilities.
How can we help?
If staff are appropriately trained, any organisation is well on the way to compliance with data protection legislation. Training needs will vary according to size and type of care organisation and BLS can conduct a training needs analysis on your behalf if required.
Our open courses are available to any member of any organisation and run online throughout the year and may be the answer to your data protection gap.
Alternatively, we can hold a bespoke course to fit you and ensure that all members of staff who have connection to the data you use, store and manage are appropriately trained at a time and place convenient to you.
See the links below to find out more on our training offerings, or to book an open course online.
- Caldicott Guardian (CG)
- Advanced Caldicott Guardian (CG)
- Senior Information Risk Owner (SIRO)
- Advanced Senior Information Risk Owner (SIRO)
- Data Protection Officer (DPO)
- Subject Access Request and Redaction (SAR)
- Data Protection Impact Assessment (DPIA)
- Information Asset Owner (IAO)
- Safer Recruitment
- Board briefings and senior management training (bespoke only)
Data Breach Management
No organisation is immune to a data breach and the consequences – and subsequent workload – can be extensive. BLS Stay Compliant are well versed in handling data breach incidents and can also help ensure measures are put in place to prevent future breaches.
If your organisation has suffered a data breach it is absolutely vital that you do not delay management.
Subject Access Request Management
Dealing with subject access requests can be a time-consuming and labour intensive task and is also time sensitive under data protection legislation.
BLS Stay Compliant can guide your organisation in responding to a SAR and can aid in setting up adequate practices should you receive one, including how to recognise a valid SAR.
The Information Commissioner’s Office (ICO) has the power to – and regularly does – audit any organisation to test data protection compliance. Our experts can conduct a thorough audit of your GDPR compliance and physical security, providing recommendations where necessary.
Data Security Protection Toolkit (DSPT) audit and assistance
The DSPT is a self-reporting tool that all organisations with access to NHS data must complete. The deadline for the next submission date is 30th June 2023.
At BLS Stay Compliant, we have years of experience in completing the DSPT and can guide your submission, provide a pre-submission audit and check your content follows the required framework.
Policy writing and reviews
Many organisations are not aware of what policies are required to ensure they are compliant with data protection legislation, or if they are in place, when they were last updated.
Our policy writing and review service offers peace of mind that your policies are not only up to date, but you have a full suite in place for your requirements.
Our expertise, on call, whenever you need it.
Our popular managed service offering is a 360 degree approach to your data protection – covering all of the above and more within a package that suits your budget and other resources.
We can act as your data protection officer, or other data protection related roles as required, or can simply act in the guidance position for any level of staff.
If we can offer any assistance with any of information, or other services as required, do get in touch via the form below.