You will be aware that the General Data Protection Regulation (GDPR) comes into effect on 25th May 2018 and all organisations are currently preparing for the new regime. As a result, Newcastle Premier Health has been working to build on its current information governance framework, policies and procedures to ensure compliance prior to the enforcement date.
The emphasis of GDPR is to put extra responsibilities on organisations of any size who process personal data, as an evolution of the current data protection framework. It also places increased focus on the principle of accountability, which requires organisations that process data to demonstrate compliance with the core principles of data protection, from lawfulness, fairness and transparency to data minimisation.
However, accountability doesn’t stop at data flows within our own organisation. Given how data often moves between other companies we work with, our relationships with suppliers are a critical factor in our compliance journey.
We have recognised that you are a data processor in our supply chain (we supply data to you in order to provide services to our clients or staff). As such, it is our duty to ensure you are made aware of GDPR and that you are putting controls and processes in place to guard the sensitive data we share with you.
With this in mind, we would like to ask that you confirm the following statements:
The reporting of all breaches of confidential/personal data forms part of our incident reporting process. Any breaches to the data must be reported to our Quality Assurance Manager via email to email@example.com as soon as identified.