UK NHS Expends Heavily on GDPR Compliance

May 15, 2018


For some businesses, complying with GDPR laws has meant a major outlay of cash.

The new law, which takes effect May 25, is aimed at safeguarding the data of every European Union resident anywhere in the world.

The National Health Service (NHS) is among the companies trying to be in compliance by the May 25 cutoff date. The publicly financed UK healthcare system is part of a bigger group of trust firms which should comply with GDPR rules.

Forty-six organizations like NHS have, so far, spent more than UK£1m on modernizing the systems that gather and store private data of European Union residents. Among the main concerns is being able to provide European Union residents with access to their private data file. People are entitled under GDPR rules to access their file, to rectify any mistakes, to add explanatory information, to delete private data, and to complain about how and why it is being processed.

These people should be informed of the above entitlements in simple language and should sign approval forms for the use, processing, storage and removal of their private data.

Trusts that are not in compliance face very harsh fines. The problem seems to be that the software needed to bring these trusts into compliance with GDPR law either isn't present or isn't being used.

Surveys by Digital Health Alliance have disclosed that only slightly more than half of these trusts have made plans to cope with GDPR compliance. They are badly prepared and/or unfamiliar with how to complete this job.

The main problem for NHS, in particular, is the handling and safe securing of patient data, which can be very sensitive. A source of unease for the administration and the public is the cost of achieving GDPR compliance, in both materials and labor.

In anticipation of these concerns, GDPR has circulated specific rules for health companies. There is a task group whose job is to provide guidance to trusts similar to NHS.