We understand the importance of ensuring that you can demonstrate robust compliance with the Accountability Principle of the Data Protection Act 2018.
Whether this is by way of evidencing and maintaining compliance with the NHS Data Security and Protection Toolkit (DSPT) or Cyber Assessment Framework (CAF), by supporting the achievement of standards such as ISO27001, or by working with you to ensure that a sound information governance (IG) framework is in place within your organisation, the NHS Midlands and Lancashire (ML) IG team will provide tailored support to meet your organisation’s needs.
NHS ML will work with you on anything from specific support in an area which requires review and improvement to a complete, fully managed, end-to-end IG service. We can even work with you to assess your current IG framework to identify any areas of improvement through our Data Protection Wellness Checks.
From working with you to develop policies, procedures and guidance, to supporting the development of assurance documentation such as Data Protection Impact Assessments (DPIAs), we will ensure your organisation meets all its legal data protection responsibilities. DPIAs should be completed whenever a new system, service, or process is implemented and personal data is processed.
Data Protection Compliance support includes:
- Development or review of policies, procedures and guidance to meet the compliance needs of your organisation
- Data Protection Impact Assessments – template documentation, implementation and project-specific support, working with the NHS ML Digital Clinical Safety team where applicable
- Data sharing and contracts – ensuring that your organisation has appropriate documentation in place where personal data is shared with another party
- Breach management – development and implementation of data breach management processes, training, breach assessments and investigations, root cause analyses and process reviews
- Records of processing activity (ROPA) to ensure compliance with UK GDPR Article 30
- Procurement support – supplier due diligence to ensure they have robust data protection measures in place and assessment of bid responses relating to data protection
- Communications – briefings and newsletters focussing on relevant issues and themes based on queries received by the wider service as well as legislative, national or sector specific updates
- Training to ensure your team fully understands their responsibilities around data protection and freedom of information, with bespoke sessions to address specific areas of development
- Data protection officer – provision of a named data protection officer and supporting function
- Information rights – advice or full management of freedom of information, environmental information rights and subject access requests, along with all other individual rights outlined in the Data Protection Act
All of these services can be completely tailored to your organisation’s needs.
Contact us for more information on mlcsu.ig@nhs.net or 01782 916 875.