The General Data Protection Regulation (GDPR) is the most significant development in data protection that Europe has seen over the past twenty years. There is a much greater emphasis on compliance, following a widely held belief that business had not previously taken data privacy seriously enough. Penalties are therefore considerably harsher and now extend to small and medium businesses and to the Public Sector.
There has never been a more important time to ensure that best practice is in place to secure patient and staff data, protect reputation and ensure compliance. A planned and structured approach to the inevitable changes required for both systems and user behaviour suggests that the sooner preparation is started the better.
Trustmarque, in partnership with Evolve North, will deliver a practical workshop on the GDPR for Healthcare. The workshop will include a detailed technical and procedural review, using the ICO (Information Commissioner's Office) 12 guiding steps as a starting point.
The content of this workshop has been designed to be digestible both by those with an Information Governance interest and by those with a Technical IT Security interest within the Healthcare sector. One of the key objectives of the event is to identify where the technical and procedural controls overlap, so as to ensure a robust ISMS (Information Security Management System).
The day is very interactive, with extensive detail that aims to provide clarity and an objective approach in preparing for the GDPR.
Date: 25th May 2017
Venue: The National Railway Museum, York
The workshop will cover:
- Awareness – practical examples and suggested approaches
- Information you hold – key areas that you will need to address, including the Information Asset Register, supporting Policy and Procedure, and the impact of SAR (Subject Access Request) and FOI (Freedom of Information)
- Communicating Privacy Information – the key areas and current ICO Guidance
- Individuals' Rights – creating procedures to ensure they cover all the rights of individuals
- Subject Access Requests – establishing procedures and plans on how to handle requests within the new timescales
- Legal Right for Processing Personal Data – looking at the various types of data processing you carry out and providing guidance on ensuring you have appropriate documents in place
- Consent – keeping an explicit record of when an individual provides consent; this can present some significant procedural and technical challenges
- Children – key areas include consent from Parents/Guardians and Opt in and age range
- Data Breaches – review of the potential technical controls, including Vulnerability Scanning, SIEM (Security Incident Event Management), DLP (Data Leakage Prevention) and IRM (Information Rights Management)
- Privacy by Design – technical design touching on 2 Factor Authentication and Network Access Control, and supporting Procedure documents including New Systems Acquisition and Development and Privacy Impact Assessments
- Data Protection Officers (DPO) – practicalities, including what the DPO's functional job role is and the ability to outsource the role