Overview
Depending on which category of organisation you fit, you will be required to provide answers to ten data security standards, set out by the National Data Security Guardian.
If you are uncertain where to start, or simply do not have the capacity to review and upload your evidence to mandatory questions, the team at Databasix UK can support you.
How we can help you:
We will review, draft or format your key control documents as required for the NHS Toolkit. This is done in close consultation with the relevant members of your team so that the documents accurately reflect your organisation in context.
Policies and key controls
- Create or review your Register of Processing Activities.
- Write or review your suite of data security and protection policies and procedures including the following:
  - A data protection policy for all staff, including practical guidance on how to handle, store, keep accurate and transfer data.
  - Retention schedule / policy
  - Data disposal policy
- Ensure all policies include ways of working relevant to hybrid working / remote working.
Management tasks and reporting controls
- Ensure your submission is uploaded before 30th June 2023.
- Register your organisation with the Information Commissioner’s Office.
- Support creating appropriate governance structures to ensure data protection remains high on the organisational agenda.
- Manage the data breach process, including template forms to complete as part of any investigation.
- Handle the subject access request process, and consider other relevant individual rights.
- Data processing checklist to support procurement decision.
- Draft a business continuity plan, including a risk assessment.
People and training
- Process to establish Data Protection training programmes / records.
- Conduct a training needs analysis to identify the level of compliance.
- Staff exit checklist, to ensure all personal data and equipment belonging to the company is returned.
- Update job descriptions to ensure that relevant data protection responsibilities are listed.
- Introduction to UK GDPR e-Learning Course
- Data Protection Compliance Team training
- Data Protection Briefing for Senior Management
- Upload responses to Toolkit questions, along with the required evidence for you to approve.