top of page

Our Team

Paul Couldrey

Paul Couldrey is seen as a NHS leader in Information Governance (IG) compliance.  Paul is the former Head of IG for NHS Central Midlands Commissioning Support Unit (CMCSU), which supports over 10 CCG and overseas health authorities in compliance with legalisation.  Paul has been involved in Information Governance since 1991 whilst working for the West Midlands Police as a compliance officer and has managed IG at a senior level in law enforcement, local authorities and the NHS (since joining a PCT in 2003).  Paul is qualified in information law, and has spoken at numerous national conferences in regards to Governance, he was also the Black Country contributor to the Caldicott Review (Caldicott 2) published in June 2013. Paul is the co-author of the West Midlands Code of Practice for Data Protection compliance, a document that was the first purchased guidance document used to form version 1 of the NHS IG toolkit (now in version 12).  Paul supported the North West DSCRO (Data Services for Commissioners Regional Office) with Information Governance, including developing data contracts, s.251 support and toolkit responses, Paul is also the President of the West Midlands Information Governance Group.  Currently Paul is the DPO (Data Protection Officer) for a number of Private Hospitals, Dentists, Pharmacies and General Practitioners across the UK.

Key Achievements includes:

  • Developed and managed a total Integrated Governance service bringing together Information Governance, Corporate Governance, and Quality (Clinical Governance) within NHS Dudley.  Managing Complaints, Incidents, Risk, Local Security Management, Business Continuity, Policy development, Freedom of Information, Board reporting, Board Assurance mechanisms, Data Protection and customer concerns/improvements to a single service, enabling a holistic view for the Board on all aspects of Governance.  This provided a higher level of assurance whilst managing a cost reduction and duplication of corporate tasks.

  • Managed the transfer of community services process in Dudley in regards to Governance compliance.

  • Managing the Information Governance process for close down of all the Primary Care Trusts in the Birmingham & Black Country Cluster (NHS Dudley, Wolverhampton City PCT, NHS Walsall, Sandwell PCT, Heart of Birmingham PCT, Solihull PCT, South Birmingham PCT and Birmingham East & North PCT).  Including Information Asset transfer to CCGs, Acute and NHSE.  Records management transfer and continuing access requests, establishing and transferring Information Rights ownership.

  • Managing the whole Information Governance Agenda across the Birmingham & Black Country Cluster for 12 months to ensure smooth transition but also to improve delivery to patients and the NHS through the restructure, servicing all 300+ GP Practices.

  • Developed the Overarching information sharing process, across all PCTs in the Cluster, and then later to all CSU CCG customers, achieving a 100% record of CCGs signing the process of Information sharing between themselves, the CSU, all local Acute Trusts, all Local Authorities and Police Authority, the first in the UK to be recognised by the Information Commissioners Office.

  • Managed implementation of a new Incident reporting system to staff and complaints handling process, including a Clinical Advice service for General Practice’s pilot for Primary Care.

  • Managed the process of being the First NHS Trust to formally sign the IOC Privacy Promise.   

  • Managed an IG service to 10 CCG’s achieving a 100% KPI monthly target in compliance with FOIA requests and IG toolkit improvement, and establishing information sharing with overseas clients.  Each Client showing a minimum 20% improvement on IG Toolkit compliance.

  • IG consultant for NHSE in regards to Cross Border data sharing, lead IG consultant for TNR (The National Repository) data sharing across all NHS organisations in the UK.









bottom of page