Information Governance

Information Governance and Data Protection Officer

Information Governance focussed areas of support include:

  • Advice and support to the Data Protection Officer as part of the overall IG Support Service.
  • Expert advice around GDPR and DPA 2018.
  • Advice on National Security Directive and National Data Security Standards.
  • Advice and support to GP Practice to complete the DSP Toolkit (formerly IG Toolkit).
  • Review of the current IG policies for GP practices.
  • IG training (over and above the online module) to GP practices, if requested.
  • Support and advice for managing and investigating IG breaches and significant events / incidents.
  • IG advice to projects, including the review of DPIAs and Data Sharing Agreements prior to DPO approval.
  • Support and provide advice for managing and investigating IT significant events / incidents that may have IG implications for GP practices.
  • An annual review of processes which have caused an IG breach or near miss and advise affected GP practices where improvements could be made.

The DPO focussed areas of support include:

  • Support to GP practice for data protection queries.
  • Provision of independent and highly developed specialist knowledge and advice to GP Practices to ensure they remain compliant with changing legal requirements, including the General Data Protection Regulations (GDPR).
  • Independent risk-based advice to GP Practices to support decision making in the appropriateness of locally implemented Data Protection Impact Assessments (DPIA) for processing personal and other types of data within the principles and rights laid down in the GDPR and national legal requirements for regional projects.
  • Review and approval of DPIAs and DSAs on behalf of GP practices.
  • Advice on complex, sensitive or contentious GDPR and data protection issues and information sharing issues.
  • Acting as the point of contact for data protection issues and co-operation with the Information Commissioners Office (ICO).
  • Consulting with the Information Commissioner’s Office (ICO) where proposed processing poses a high risk in the absence of proposed mitigations.
  • Provision of a quarterly DPO activity report provided to CCGs covering GP practices data protection activity, without prior oversight of the practice.

Frequently asked questions about our Information Governance service:


How do I contact a Trainer with a clinical system query?

    In the first instance, please email us at agem.dpo@nhs.net
    Alternatively, you can also contact the Support Desk via the normal number and choose the appropriate option:
    • You can call us on 0345 0348690

Who is our new named DPO?

    The named DPO for the service is Judith Jordan, who leads a team of practitioner trained Data Protection Officers.

How can I contact the Data Protection Officer?

    The DPO function is a 9 to 5 support service and can be accessed via email or telephone. Emails from practices must be sent from an ‘NHS.net’ email only, with a subject line reading ‘GP-DPO-[query]-[name of practice]’ and must contain an email signature with the full name, role and contact details of the sender.
    • You can call us on 0121 611 0730
    • Email us at agem.dpo@nhs.net