As a public sector body, Chesterfield Royal Hospital NHS Foundation Trust is required to appoint a Data Protection Officer (DPO). This is an essential role in facilitating ‘accountability’, and the organisations’ ability to demonstrate compliance with the UK General Data Protection Regulation (UK GDPR) and other data protection laws.
The essential qualities of the role are to provide support, advice, and assurance of all the Trust’s activities that involve processing personal data. The DPO reports on compliance to our senior management teams and is empowered to raise data protection matters with our Boards if necessary.
They monitor the organisation’s compliance with the UK GDPR and other data protection laws, and with internal data protection policies. They lead on internal data protection activities, and raise awareness of data protection issues, including training staff, and conducting internal audits.
They advise on whether a data protection impact assessments (DPIA) is necessary, how to conduct one and the expected outcomes. They serve as the contact point for the Information Commissioner’s Office (ICO) and other relevant supervisory authorities, on all data protection issues, including data breach reporting.
They serve as a contact point for individuals whose data is processed i.e. employees and patients.