GDPRThe Information Governance Alliance (IGA) has published information to help healthcare organisations stay compliant with the new GDPR rules.

The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 and will require all organisations with personal data to meet strengthened standards for data protection.

Some of the changes include:

  • The requirement, where appropriate, to appoint a data protection officer
  • Organisations will be obliged to demonstrate that they comply with the new law
  • Significantly increased penalties possible for any breach of the regulation – not just data breaches
  • A legal requirement for security breach notification within 72 hours
  • The removal of charges, in most cases, for providing copies of records to patients or staff who request them and a new timescale to provide this within one calendar month
  • The requirement to keep records of data processing activities
  • Increased rights of the data subject.

Read more on GDPR:


‘It is my strong belief that GDPR will give us the framework we need to build patient confidence in how their information will be accessed and used, and ensure that we can continue to yield the benefits of having a more connected and integrated approach to data management,’ Lord O’Shaughnessy says.

‘The new laws also put more power into the hands of the patient.

‘They will mean that for the first time patient data can be requested and obtained within a month – rather than the current 40 days.

‘Patients will also have the power to request their information is moved, deleted or altered.

‘They will, in other words, have greater agency and control over how their data is managed than ever before.’

The guidance information from IGA is available here: digital.nhs.uk/information-governance-alliance/General-Data-Protection-Regulation-guidance.