The National Data Guardian, Dame Fiona Caldicott, has compiled and recommended a framework of “10 data security standards” which will be applicable to all health and care organisations. It will apply to NHS Providers, Clinical Commissioning Groups, General Practices, Local Authorities and Social Care Providers. It will also place responsibility on these organisations to fully assess the compliance of any third-party suppliers who manage or process data on their behalf.
This new approach, which will provide assurance that healthcare organisations are meeting their statutory obligations on information security and data protection, will be delivered using a new Data Security and Protection (DSP) Toolkit, which replaces the long-established Information Governance (IG) Toolkit. The DSP Toolkit requires health and care organisations to undertake preparations for compliance with the EU General Data Protection Regulation, which takes effect on 25th May 2018.
This Toolkit is arranged into three categories of leadership obligations: people, process and technology.