From 25 May 2018, all health organisations and arm’s-length bodies will need to demonstrate compliance with new General Data Protection Regulation (GDPR) requirements. GDPR will replace the Data Protection Directive (1995) | NHS Employers
Employers are encouraged to plan ahead for the operational changes and consider how they will raise awareness of the new requirements and evidence they meet them. This will include:
- Planning and resourcing the appointment of a data protection officer whose job description is compliant with GDPR requirements.
- Revising information governance and related policies, addressing accountability, data protection officer reporting arrangements and statutory reporting requirements.
- Creating an action/project plan which includes a set of measures to meet the requirements, ideally endorsed by the board.
Read the full overview here