How the NHS Should Prepare for the EU GDPR

July 09 12:36 2015

Government officials in the UK have been facing ongoing backlash over their ability to protect citizen information following a string of data breaches over the past few years. Most recently, East Sussex NHS Trust came under fire for misplacing a memory stick containing the personal data of 3,000 of its patients. The ICO has levied more than £5 million worth of civil monetary penalties against the public sector, with these fines set to increase with the finalization of the EU General Data Protection Regulation (EU GDPR), which will come into effect in 2017.

This latest data breach incident at the NHS comes at an inopportune moment, with the launch of the much-anticipated initiative and the proposition that increasingly mobile healthcare data can be kept secure by the NHS. In an article on the Information Daily, I discuss the current state of data security at the NHS and how continued data security scares could impact connected initiatives over the next 5 years. "How can the NHS keep a healthy data protection strategy?" discusses the impact data breaches have on initiatives such as as well as more broadly on the NHS’s Five Year Forward View, which includes investment in connected devices and initiatives for better data governance and integrated data.

With new compliance requirements and fines looming, and important initiatives underway, it’s now more important than ever for the NHS to restructure its data protection strategies. In the article, I discuss a number of provisions in the new EU GDPR which will affect how the NHS manages patient data, including:

  • The need for a data protection officer
  • The requirement to inform patients if a breach should occur (unless the device is rendered inoperable and the data is encrypted)
  • Strict deadlines
  • Heavy penalties

The key priority for the NHS between now and when the EU GDPR comes into effect will be ensuring steps are in place to minimise the impact of breaches and ensure that when things go wrong, everyone involved knows what to do. In the article, I discuss how the NHS should be making everyone aware of the upcoming data legislation and what it means for data management (point 1: education), creating an actionable and clear policy (point 2: policy), and implementing underlying technologies which can protect patient data in the event of a breach (point 3: technology).

Absolute Data & Device Security (DDS) allows organisations to persistently track and secure all of their endpoints within a single cloud-based console. Computers and ultra-portable devices such as netbooks, tablets, and smart phones can be remotely managed and secured to ensure—and most importantly prove—that endpoint IT compliance processes are properly implemented and enforced.

Original article published here.


About Article Author

GDPR Associates


  1. untuk anak
    May 10, 16:18 #1 untuk anak

    Heya, I’m here for the first time. I found this board and I
    find it truly useful & it helped me out much. I hope to give
    something back and help others like you aided me.

  2. fidelianeuhaus
    August 11, 20:57 #2 fidelianeuhaus

    Hello! I could have sworn I’ve visited this web site before but after looking
    at a few of the posts I realized it’s new to me.
    Anyhow, I’m certainly happy I discovered it and I’ll be bookmarking it and checking back regularly!
