General Data Protection Regulation (GDPR) guidance
This guidance from the national GDPR working group and IGA will help the NHS, social care and partner organisations prepare for EU General Data Protection Regulation (GDPR), when it begins in May 2018.
This policy and guidance is being developed by the national GDPR working group, chaired by NHS England, for publication by the Information Governance Alliance (IGA).Those with senior responsibility for Information Governance can use the guidance to learn how to comply with the GDPR. This includes Caldicott Guardians, operational IG leads and managers, plus all employees.
The guidance will help organisations to make the changes needed due to the EU General Data Protection Regulation, which will happen regardless of Brexit.
While the IGA will cascade this information it is not able to answer specific enquiries relating to the Regulations. Please contact the Information Commissioner's Office (ICO) with enquiries.
- The ICO has produced a range of resources on its data protection reform website. GDPR guidance will continue to be published on this site.
When guidance is being published
The IGA is experiencing delays in the publication of the General Data Protection Regulation (GDPR) advice material.
The IGA is working hard with other partners to try and ensure material is published as quickly as possible. However, we do acknowledge the need to consider both the forthcoming Article 29 working party guidance that will inform what the ICO will produce, and the Data Protection Bill. When this is approved it may change the advice provided.
The list below gives an idea of the expected timeframe for publication. Please note this may change and details will be updated here.
- Changes to Data Protection legislation: why this matters to you (CEO briefing on GDPR and Accountability for Data Protection)
- Frequently asked questions [35.04KB] (updated regularly)
December 2017-February 2018
- What's new
- The data protection officer
- Transparency and subjects' rights
- Social care awareness guidance
- Data protection accountability and implementation priorities
- Lawful processing
- Privacy by design and default
- Personal data breaches and notification
- Profiling and risk stratification
- GDPR overview
- GP Practice / primary care suite
The IGA will continue to provide more information about how health and care organisations are affected and what you can do as it becomes available.
Watch this GDPR webinar
Please watch a GDPR webinar that was presented from Leeds in February 2017.