GP practice Data Protection Officer
Under the UK General Data Protection Regulation (GDPR) all GP practices are required to appoint a Data Protection Officer (DPO).
The role of the DPO is to assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the Information Commissioner.
The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level.
A DPO can be an existing employee or partner within the practice or externally appointed such as a supplier or the NHS NEL GP DPO service.
In some cases, several organisations can appoint a single DPO between them. For example, member organisations within a Primary Care Network may wish to appoint a single DPO to support the group.
DPOs can help you demonstrate compliance and are part of the enhanced focus on accountability.
In North East London (NEL), GP practice DPOs have an important role in helping with information governance assessments for the roll out of primary care programmes and services. DPOs also review data access requests for GP data from the Discovery Data Service to be used for direct care, research or planning purposes. Please refer to the NEL Data Sharing Framework on the Data Controller Console for more information.
NHS NEL GP DPO Service for GP practices
The ICB provides a free DPO service for GP practices within the NEL footprint. The DPO supports practices with data protection issues such as managing personal data breaches, dealing with information requests for personal data, and helping with information governance assessments. The DPO also supports practices with the annual Data Security and Protection Toolkit (DSPT). The full DPO service spec is available on the self-help portal (open with Microsoft Edge): A3A8R_GPDSPT – Home (sharepoint.com).
To enquire further about the DPO service or appoint the NHS NEL GP DPO, please raise a ticket for the attention of the NHS NEL GP DPO via the NHS NEL Service Desk at Itservicedesk.nelicb@nhs.net (email) or 0300 303 6778 (telephone).
Primary Care networks
At present in NEL there is no funded DPO service for Primary Care Networks, but the local agreement is that the NHS NEL GP DPO can help with generic data protection advice and support.
Please raise a ticket for the attention of the NHS NEL GP DPO via the NHS NEL Service Desk at Itservicedesk.nelicb@nhs.net (email) or 0300 303 6778 (telephone).