Further to our recent article on the General Data Protection Regulation (GDPR), new research has found that even the NHS is underprepared for GDPR with just 6 weeks to go before it comes into force.
Underprepared For GDPR
The think tank, Parliament Street, have just released a report entitled, ‘Getting the NHS ready for the GDPR‘. The conclusions drawn from the survey were that the NHS is underprepared for GDPR. Specifically, Parliament Street found that:-
- Just £1,076,549 had been spent on preparing for GDPR by the 46 NHS trusts combined who had responded to the survey. This has been spent mainly on upgrading software, securing email, training, and consultancy.
- Just 55% of acute trusts and 47% of mental health trusts have an implementation plan
- Given the increasing costs of social care, the need to prepare for GDPR has placed an additional financial burden on the NHS
- Some trusts have spent less than £1,000 upon their GDPR preparations, including the Cheshire & Wirral Partnership NHS Foundation Trust and Alder Hey Children’s NHS Foundation Trust
- Luton and Dunstable Hospital Foundation Trust spent the most on its preparations (£111,200)
Recommendations Made By Parliament Street
The Department of Health and Social Care responded by stating that they were: “[developing] a comprehensive suite of guidance products. GDPR will replace the current Data Protection Act and will set a more robust framework for how we collect, store and share data across the health and care system in future. In addition to the guidance produced by the NHSE-led GDPR working group, there is considerable information and guidance available, particularly from the Information Commissioner’s Office.”
Parliament Street stated in its recommendations that: “we propose that the NHS establishes a national programme for managing and funding the GDPR and lobbies the Treasury for extra funding to support it. The government should [also] look to provide dedicated legal advice in the form of solicitors and specialist counsel to enable all trusts to gain free consultancy on implementation. [Moreover], a national NHS GDPR strategy should be established, bringing together lawyers, chief information officers and CEOs to ensure consistency between trusts.”