Data Protection Officer as a Service (DPOaaS)
NHS Informatics Merseyside provides a Data Protection Officer as a Service (DPOaaS) offering a named Data Protection Officer and supporting Information Governance Team that can offer advice and support for day-to-day data protection, privacy issues and assist with data breach responses and management.
The service supports Organisations discharging their Data Protection Officer (DPO) duties and deploying their Information Governance responsibilities in-line with legislation and national standards.
Service features
- A named Data Protection Officer
- Data protection and information governance support and guidance
- Primary care portal for GP Practices and Primary Care Networks (PCNs) – providing documents, templates and guidance.
Service benefits
- Advice and guidance on the Data Protection Act 2018, UK General Data Protection Regulation and other relevant legislation
- Answering queries on all aspects of data protection
- Sharing national Information Governance policy and best practice
- Support and guidance on completing Data Protection Impact Assessments (DPIAs)
- NHS Data Security and Protection Toolkit (DSPT) support
- Data Protection Officer reviews of; Privacy Notices, DPIAs, Data Sharing Agreements (DSAs), Data Processor Agreements (DPAs)
- Provision of generic templates that can be customised for use (DPIAs, DSAs, Privacy Notices, Policies, etc)
- Advice on privacy by design and default
- Data breach management support
- Information governance awareness training
- Information governance workshops and forums
Optional service features
The Service can provide additional Information Governance support outside the scope of this service such as, bespoke training or input with specialist projects.
Service availability
DPOaaS supported hours are 9.00am to 4.00pm, Monday to Friday (excluding Bank Holidays).
Further information
Organisations interested in receiving further information about the Service, please contact dpo.im@imerseyside.nhs.uk