
Information Governance

Risk Imperium Information Governance (IG) Services

UK GDPR and Data Protection Act 2018

The UK GDPR and the Data Protection Act 2018 set out how personal data must be processed within the UK. The Information Commissioner’s Office (ICO) is the UK’s supervisory authority, which regulates the UK GDPR, the Data Protection Act 2018 and other privacy and information-related legislation.

Data Protection Impact Assessments (DPIA)

A DPIA is a type of risk assessment which identifies the privacy, confidentiality and security risks associated with the collection, storage, use, disclosure and disposal of personal data. Completing a DPIA is a legal requirement under the UK GDPR for controllers carrying out any high-risk data processing. Its aim is to balance the proposed data processing against the rights of individuals under the Data Protection Act.

Freedom of Information (FOI)

The FOI Act provides a route for members of the public to access information held by public authorities about public services which are funded through their taxes. Under the Act, public authorities are obliged to publish certain information about their activities, and members of the public are entitled to request information held by public authorities.

Incidents (Personal Data Breaches)

All UK businesses and organisations have a duty to report incidents that are likely to result in a high risk to the rights and freedoms of individuals to the Information Commissioner’s Office (ICO). Organisations are mandated to report such breaches within 72 hours. Organisations must therefore have a robust incident reporting process so that all personal data breaches are reviewed and assessed in a timely manner.

Subject Access Request (SAR)

Under the UK GDPR, all UK citizens (data subjects) have the right to access the information that organisations hold about them; this is known as a SAR.
Data subjects can request a copy of their data, and organisations have to comply within 28 calendar days. Failure to do so could result in a complaint being lodged with the Information Commissioner’s Office.

Data Security and Protection Toolkit (DSPT)

NHS organisations, and third-party organisations which process NHS patient data, are required to complete the Data Security and Protection Toolkit on an annual basis.

The DSPT is a self-assessment comprising 10 standards. Each standard has a number of assertions against which organisations must provide evidence to demonstrate their compliance.