UK NHS Spends Heavily on GDPR Compliance

For some companies, being compliant with GDPR rules has resulted in a major outlay of cash.

The new legislation — effective May 25 — is aimed at protecting the data of every EU citizen anywhere in the world.

The National Health Service (NHS) is one of the organizations struggling to comply by the May 25 deadline. The publicly funded UK healthcare system is part of a larger group of trust companies which must comply with GDPR regulations.

Forty-six trusts like the NHS have, so far, spent over UK£1m on updating the systems that collect and store personal data of EU citizens. One of the major concerns is being able to provide EU citizens with access to their personal data file. Under GDPR guidelines, individuals have the right to access their file, to correct any errors, to add clarifying information, to erase personal data, and to object to how and why it is being processed.

These individuals must be informed of the above rights in clear language and sign consent forms for the use, processing, storage and elimination of their personal data.

Trusts that are not in compliance face very stiff penalties. The problem appears to be that the software needed to bring these trusts into compliance with GDPR legislation is either not present or not being used.

Surveys by Digital Health Alliance have revealed that only slightly more than half of these trusts have created plans to deal with GDPR compliance. They are poorly equipped and/or not knowledgeable about how to complete this task.

The key issue for the NHS in particular is the processing and safe securing of patient data, which can be very sensitive. A concern for both management and the public is the cost of implementing GDPR compliance, in both materials and labour.

In anticipation of these concerns, GDPR has published specific guidelines for health organizations. There is a task group whose job it is to provide advice to trusts like the NHS.