The statutory obligation on GP practices, GP federations and PCN companies to designate a Data Protection Officer (DPO) does not end with engaging somebody to undertake the role. GP Partners and company directors remain responsible for ensuring the competency of their DPO, and can be held liable if the DPO fails to properly undertake their duties.
Designating and supervising/undertaking the role of DPO is not straightforward and many GP practices and other primary care organisations are not meeting their statutory obligations. The ICO continues to offer advice to data subjects on claiming compensation as a result of a data breach or an infringement of their data protection rights, further increasing the risk of claims against GPs for data protection failures.
Hosted by our data protection and compliance specialist David Sinclair, this webinar provides:
- an update on the relevant statutory obligations
- top tips to reduce the risk
- steps to take in the event of a claim