East Midlands Strategic Health Authority

Data Protection Compliance

Request

Would you please provide the following information under the Freedom of Information Act 2000:

  1. The job title of the person with senior management responsibility for compliance with the Data Protection Act 1998.

  2. The job titles of anyone with day to day responsibility for compliance with the Act across more than one department.

  3. To what extent does your organisation use external consultants to support Data Protection compliance?

  4. What are the types of roles undertaken by these Data Protection consultants?

  5. Does your organisation comply with any national or international standards in relation to Information Governance or Data Protection, for example:

       (a)  An Information Governance Toolkit; or
       (b)  BS 10012 (Data Protection); or
       (c)  ISO 27001 (Information Security)?

If so, please provide details of the relevant standards and the job titles of the people with primary responsibility for ensuring compliance with those standards.

Our Response

I refer to your email of 3 August 2010 requesting information in respect of Data Protection Compliance.

I can confirm in accordance with S.1 (1) of the Freedom of Information Act 2000 (FOIA) that we do hold the information that you have requested.

I will address each of your queries in turn:

1.    The job title of the person with senior management responsibility for compliance with the Data Protection Act 1998.

  • Director of Corporate Affairs

2.    The job titles of anyone with day to day responsibility for compliance with the Act across more than one department.

  • FOI/DPA Manager

3.    To what extent does your organisation use external consultants to support Data Protection compliance?

  • NHS East Midlands will request specialist advice on an ad-hoc basis as and when this is felt necessary.

4.    What are the types of roles undertaken by these Data Protection consultants?

  • Provision of ad-hoc specialist advice and staff training as and when this is deemed necessary

5.    Does your organisation comply with any national or international standards in relation to Information Governance or Data Protection, for example:

(a)  An Information Governance Toolkit; or
(b)  BS 10012 (Data Protection); or
(c)  ISO 27001 (Information Security)?

If so, please provide details of the relevant standards and the job titles of the people with primary responsibility for ensuring compliance with those standards.

  • NHS East Midlands complies with national NHS Information Governance toolkit standards with an overall compliance score for 2009/10 (IGT v.7) of 98%. The person responsible for this within the organisation is the Information Governance Workstream Lead.

I hope that this information is of use.  If you are dissatisfied with the way in which we have dealt with your request you can ask us to review our decision by writing to:-

Mr Moosa Patel
Director of Corporate Affairs
NHS East Midlands
Octavia House
Interchange Business Park
Bostock's Lane
Sandiacre
Nottingham
NG10 5QG

If at the conclusion of any review you remain dissatisfied you may complain to the Information Commissioner who can be contacted at:-

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF