Contact us if you’d like to arrange this PMA workshop locally

General Data Protection Regulation (GDPR)

'This workshop was GP practice-based information which we have to deal with on a day to day basis. Helped me to create a structure on which to work on to convey and prepare the staff.'

'It has taken away some of the worry about GDPR. I feel more confident to deal with it.'

'Excellent information and opportunity to discuss issues.'

If you would like information about workshop dates or would like to develop a specific programme or host this workshop, please call 0330 111 6459 or email

For information about all PMA Workshops, click here.

For feedback from other NHS Organisations about our workshops, click here.


‘We have an opportunity to set out a new culture of data confidence in the UK’

Although the EU General Data Protection Regulation (GDPR) does not come into force until May 2018, the scope of the changes under the new Regulation means that preparing for the GDPR will be a high priority for the next 6 months. GDPR will need to be implemented alongside the New Data Protection Act; both will come into force on 25th May 2018.

You will need to carry out audits of the patient data and employee personal data that you collect and process to ensure that it meets GDPR conditions for patient and employee consent. New governance and record-keeping requirements mean that you will also have to create or amend policies and processes on privacy notices, data breach responses and subject access requests. There is a much greater emphasis on compliance, following a widely held belief that businesses up to now have not taken data privacy seriously enough. Possible penalties are considerably harsher and, importantly, now include small and medium businesses within the Public Sector. But remember, the new GDPR compliance requirements are not just about waving fines – it’s about realising that the data upon which your business or practice is built is managed in an appropriate, respectful and lawful manner, and that the right levels of accountability and governance are applied by the practice.

There has never been a more important time to ensure that best practice is in place to secure patient and staff data, protect reputation and ensure compliance. A planned and structured approach is required to fully understand the necessary changes for both systems and user behaviour.

This workshop has been designed to be practical and easily digestible for those with responsibility and liability for Information Governance within the Primary Care sector. The day is facilitated by experts in both Information Governance and Primary Care and will be very interactive. It will be both detailed and practical and will seek to provide clarity and an objective approach in preparing for the GDPR.





Welcome & Introduction

Open Forum – your challenges and concerns


Overview of the Programme & Objectives

What is GDPR? – what do we need to know?


Preparing for GDPR in the Primary Care sector

  • Understanding GDPR
  • The New Data Protection Act
  • Differences between New DPA & GDPR and DPA
    • what are your new obligations?
  • Brexit – does anybody know?
  • Roles & Responsibilities under GDPR
  • GDPR timeline for change




12 Steps to GDPR Compliance

  • What are they?
  • Friend or foe?


Understanding the steps

  • Awareness
    • Who needs to know what?
    • The culture for compliance
    • GDPR and Staff training
  • Data Management
    • Where are we now?
    • What is personal data?
    • Sensitive Data - handling special category data
    • Understanding the key risk areas
    • Tips on identifying and managing Data
    • Data audit
  • Communication – Policies and notices
  • Individuals’ Rights and The NEW Data Protection principles
    • Data Processing
    • The right to object to
    • The right to erasure
    • The right to access
    • The right of data portability
  • Subject Access Requests
  • Responding to data access requests


Lunch & Networking


Understanding the steps (cont.)

  • Lawful Processing
  • Consent
    • What does consent look like? And how to record it…
    • 3rd party consent
    • Explicit consent
  • Children
  • Children’s personal data


Recordkeeping and accountability

  • The role of the data controller
  • Responsibility and accountability
  • What does compliant record-keeping look like?
  • Recording processing activities
  • Understanding data impact assessments
  • Monitor and Review – audit of data risk management plan




Achieve Data Protection by Design

  • Physical design
  • Systems design


Detecting data breaches and procedures

  • Systems and detection of data breaches
  • Training staff to detect breaches
  • When and who to notify when a breach occurs
  • Informing the business/practice
  • Informing the regulator
  • Informing individuals
  • High risk situations – notifying the public
  • Enforcements and penalties


Summary of Key Considerations – and Q&A


