Compliance and Information Governance
The everyLIFE value proposition rests heavily on the benefits of The PASSsystem itself, but it is significantly strengthened by the company’s commitment to the highest levels of corporate governance and risk management.
Led by Chief Information & Compliance Officer Taffy Gatawa, who has a background in NHS governance, the business uses documented and measured processes to govern every business function, both day to day and in the event of a crisis. Risk and governance topics are measured and reported to the board weekly as leading indicators.
This approach begins with a formal policy of transparency and an equitable contractual stance that builds trust and encourages frank, open dialogue. This is the most productive way for client and supplier to engage and, in the context of governance, clearly reduces risk for both parties going forward.
All everyLIFE governance processes are open for client review. In summary, the business enforces training and best practice, team by team and function by function, in each of the following areas:
- Health & Safety (staff, client and service user)
- GDPR-ready product & GDPR-ready business
- All staff externally accredited via the NHS assessment process
- Product best-practice cross checks
- Incident reporting and management
- National Cyber Security Centre
- Portcullis / Cisco (penetration testing)
- Care Quality Commission
- Care Inspectorate Wales
- Third-party contract management
- ISO 27001 & ISO 9001
- NHS IG Toolkit V14.1
- Disaster recovery & business continuity
- Equality, diversity, sustainability and social responsibility
GDPR – What you need to know
The General Data Protection Regulation (GDPR) applies from 25 May 2018 and replaces the current Data Protection Act (1998). The Regulation applies directly in all European Union member states, and the UK government has confirmed that, notwithstanding Brexit, it will be adopted within the UK.
Subject-Matter and Objectives
The Regulation lays down rules relating to the protection of individuals with regard to the processing of personal data, and rules relating to the free movement of personal data. It aims to protect the fundamental rights and freedoms of individuals, in particular their right to the protection of personal data. The rights of the individual under the GDPR are:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision making, including profiling
Meeting our Obligations
We take our responsibilities under the GDPR seriously and will ensure that any data processing we undertake is lawful. Where we process personal data on behalf of a data controller, we will collaborate with that controller as necessary so that it can fulfil its obligations under the Regulation.
Over the last few months we have been reviewing our processes, including all privacy notices, to ensure that they comply with the Regulation. We have engaged with regulators to understand how the new law will be interpreted and have proactively invited the ICO to complete an advisory visit.
We continue to work with relevant industry experts on our GDPR readiness activities, and our existing information governance and security framework provides a robust foundation for implementing our compliance measures.
Working with Third Parties
Where we work with or commission third-party suppliers to process personal information, we ensure that our contracts contain appropriate confidentiality and data protection clauses setting out responsibilities and our expectations for handling information. This includes obtaining confirmation from the third party of the technical and organisational measures it employs to protect personal data.
PASSsystem customers can be assured that we continue to take steps to protect personal data on an ongoing basis, including strengthening our information governance processes through our IG Toolkit submission.
Other Useful Links
- To contact the Information Commissioner’s Office – ICO
- To access information on the European General Data Protection Regulation – EU GDPR website
You may contact our Data Protection Officer by emailing firstname.lastname@example.org. Please use this address if you have a data processing query, or complete the contact form below, remembering to tick the Data Protection box.