The New General Data Protection Regulation (GDPR) For Health and Social Care

General Data Protection Regulation & Preparing for Implementation


The 25th May 2018 sees the introduction of the General Data Protection Regulation (GDPR). This is the biggest change in data protection law for 20 years. The course will help health and social care organisations to prepare in practical terms for the implementation of the GDPR. The changes to “consent models”, the definitions of personal data, pseudonymisation and the newly introduced right to be forgotten will all have huge impacts on providers and commissioners of health and social care services.

This workshop examines the Regulation in detail, linking the common-law duties of confidentiality, Caldicott Reviews and SIRO processes, to ensure organisations stay ahead of the game. This workshop is suitable for the public sector and private sector.

Overview of the Regulation

How the current Data Protection definitions and principles are transposed - Caldicott Principles and Data Security requirements

Caldicott Guardian, DPO (Data Protection Officer) and SIRO working together

Consent for processing data - providing care and secondary uses

Profiling - risk stratification - business intelligence - service planning

Privacy notices / fair processing notices

Pseudonymisation and use of de-identified data for secondary uses

Children's consent issues (service user online access) and parental responsibility

Changes to subject access (access to records / health and social care considerations)

IG SIRI reporting and new mandated breach reporting

Right to be forgotten

Organisational responsibilities as ‘data controller’ or ‘data processor’

Privacy Impact Assessments

Basis for collecting and using data, with legal approaches to sharing personal data

Records Management changes

