25 practices signed up so far for Federation GDPR Data Protection Officer Service

  • 25 GP Practices have now signed up to be members of the Federation's GDPR Data Protection Officer Service
  • The service provides the DPO function for subscribers to support GDPR compliance
  • Includes access to a self-assessment toolkit and review by the DPO on current level of practice GDPR actions

According to the Information Commissioner’s Office, a GDPR Data Protection Officer (DPO) can be externally appointed and several organisations can appoint a single DPO between them.

The DPO should have experience and expert knowledge of data protection law, proportionate to the type of processing you carry out, taking into consideration the level of protection the personal data requires.  The Information Commissioner also says it would be an advantage for a DPO to also have a good knowledge of its industry or sector, as well as its data protection needs and processing activities.

In line with this criteria, the ELR GP Federation sourced suitably experienced and qualified expert support to enable it to fulfil the role of Data Protection Officer for its member practices and/or any other GP practices who wish to subscribe to the service.

In line with ICO recommendations, the role of the ELR DPO is to:

  • Assist to monitor internal compliance, inform and advise on data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority;
  • Be independent, an expert in data protection, adequately resourced, and report to the highest management level; and
  • Help demonstrate compliance as part of the enhanced focus on accountability.

To do this, the ELR DPO immediately provides for any practice signing up to the ELR DPO service:

  • The DPO function;
  • Access to a self-assessment toolkit to enable self- assessment and review by the DPO of  current level of GDPR readiness;
  • Initial review by the DPO of that self assessment with comments or advice;
  • An e-mail first point of contact for data protection issues questions  – (dpo@elrgpfed.com);

As the DPO service develops, it will progressively develop:

  • Standard templates for such things as Privacy Notices / Leaflets / wording for websites;
  • FAQs;
  • Feedback/question form relating to GDPR issues;
  • Liaison with the ICO, DH, NHS England, BMA as necessary on issues relating to GDPR; and
  • An annual online GDPR refresher assessment for each member practice.

For more information on the ELR DPO Service, contact james.watkins@elrgpfed.com