As the UK will still be a member of the EU in May 2018, the Government has confirmed it will implement the GDPR on schedule.
GDPR policy and guidance, which will be published by the Information Governance Alliance (IGA) is being developed by a national GDPR working group chaired by NHS England. The IGA has already produced a briefing note highlighting the things health organisations should be considering right now.
The working group is issuing staged guidance, with the first suite, on changes to data protection legislation, published in November 2017. Further guidance on topics such as NHS data protection accountability and governance, implications of the GDPR on health and social care research, transparency, consent and subject rights, personal data breaches and notification and profiling and risk stratification will be issued in the months leading up to May 2018.
You can find the IGA’s advice here at NHS Digital – but don’t get your hopes up: the ICA already admits that it’s running late releasing advice; and larger NHS organisations ought to be some way down the road of GDPR preparations already.
The Information Commissioner’s Office (ICO) has also produced a living document which includes links to relevant sections and updated guidance produced by the EU’s Article 29 Working Party, which includes data protection representatives from each EU member state and the ICO is the UK’s representative.
Prepare your organisation and your workers for the GDPR and data protection changes with our range of online data protection learning courses.