One of the key areas for all organisations who process personal data is making sure that they have accurate and comprehensive records of processing activities (ROPA) that meet the standards set out in Article 30 of UK GDPR which states that an organisation shall:
“…maintain a record of processing activities under its responsibility.”
There are several specified areas where records must be maintained, such as the purposes of processing personal data, data sharing and retention.
The law is not telling us to do this “just because”, it has real benefits for the organisation, its staff and service users.
In today’s interconnected world, organisations collect and store vast amounts of data, including personally identifiable information, financial records, intellectual property and trade secrets. A breach or compromise of such information can lead to severe consequences, including financial losses, reputational damage, legal implications and loss of customer trust.
An accurate and up to date ROPA demonstrates a proactive approach and enables organisations to identify and mitigate potential risks. By conducting risk assessments, organisations can gain insights into their vulnerabilities and threats, allowing them to implement appropriate controls and countermeasures.
Our Information Governance team can work with your organisation to develop a bespoke package of support to demonstrate full compliance with the ROPA requirements. This could include:
Development of tools for use by your organisation to establish information asset registers, information risk assessment frameworks and system security assessments and other relevant systems and processes
Colleague training and engagement
Full management and support to your organisation’s ROPA
Aligning processing activities to a lawful basis
Determining retention periods.
Contact us for more information on mlcsu.ig@nhs.net or 01782 916 875.
Supporting ICSs with approaches to design and deliver effective communication, engagement and behavioural insights as a key enabler for system change and…
Acting as an independent and trusted partner within the system to facilitate working across stakeholders and integrate elements of the provider system…
Digitising care and partnering with systems for the transformation of digitally enabled service delivery (and other supporting processes) across vision, planning and…
Supporting systems to build a sustainable and integrated workforce, transforming systems, organisations and the workforce experience to improve resilience.
Providing end-to-end funded care services, including patients as active partners in identifying their healthcare needs and then commissioning care to meet these.…
Applying intelligence-led understanding of the health of the population to support the redesign of care and improve patient and financial outcomes across…
Supporting providers to work together at a place and neighbourhood level to manage common resources, integrate community teams, improve health and reduce…