Information Governance and Data Protection Officer
The Arden & GEM IG Team provides support, guidance, and advice to assist practices in maintaining compliance with IG legislation, NHS protocol and guidance. Support is delivered by an experienced team of IG Managers who are qualified to Foundation and Practitioner level in the UK Data Protection Act 2018, encompassing all aspects of common-law duty of confidence, information security, DSP Toolkit and Caldicott standards. They work very closely with, and are aligned to, other IT services to provide assurance to GP practices of overall IG compliance.
Information Governance focussed areas of support include:
- Advice and support to the Data Protection Officer as part of the overall IG Support Service.
- Expert advice around GDPR and DPA 2018.
- Advice on National Security Directive and National Data Security Standards.
- Advice and support to GP practices to complete the DSP Toolkit (formerly IG Toolkit).
- Review of the current IG policies for GP practices.
- IG training (over and above the online module) to GP practices, if requested.
- Support and advice for managing and investigating IG breaches and significant events / incidents.
- IG advice to projects, including the review of DPIAs and Data Sharing Agreements prior to DPO approval.
- Support and advice for managing and investigating IT significant events / incidents that may have IG implications for GP practices.
- An annual review of processes which have caused an IG breach or near miss, with advice to affected GP practices on where improvements could be made.
The DPO focussed areas of support include:
- Support to GP practices for data protection queries.
- Provision of independent and highly developed specialist knowledge and advice to GP practices to ensure they remain compliant with changing legal requirements, including the General Data Protection Regulation (GDPR).
- Independent risk-based advice to GP Practices to support decision making in the appropriateness of locally implemented Data Protection Impact Assessments (DPIA) for processing personal and other types of data within the principles and rights laid down in the GDPR and national legal requirements for regional projects.
- Review and approval of DPIAs and DSAs on behalf of GP practices.
- Advice on complex, sensitive or contentious GDPR and data protection issues and information sharing issues.
- Acting as the point of contact for data protection issues and co-operation with the Information Commissioner’s Office (ICO).
- Consulting with the Information Commissioner’s Office (ICO) where proposed processing poses a high risk in the absence of proposed mitigations.
- Provision of a quarterly DPO activity report to CCGs covering GP practices’ data protection activity, without prior oversight of the practice.