This practical workshop, facilitated by Barry Moult, a former Head of Information Governance for an NHS Trust, will look at managing Subject Access Requests and what you need to consider to comply with legislation and upholding individuals rights to access personal and sensitive information held about them. This will enable delegates to look at case studies and have the confidence to respond to requests.
In 2018 both the General Data Protection Regulation and a new Data Protection Act were introduced in the UK, requiring health and social care bodies, by the nature of their work, to respond to Subject Access requests. There is, to a certain extent, relatively clear guidance in the legislation as to what this requires organisations to do. This course, however, facilitated by an experienced Information Governance & Health Records Manager, undertakes to highlight how to practically implement the requirements, introducing a practical approach to Subject Access Requests.
Within Health and Social Care (inc. third sector); Data Protection Officers, Deputy Data Protection Officers, Information Governance Professionals and Line Managers of any of the above should attend this masterclass.
Key Learning Objectives include understanding:
• Background and Legal Basis
• Working with others in the organisation:
Information Asset Owners, Health Records Manager, Data Protection Officer, Caldicott Guardian, Senior Information Risk Owner
• How to Manager a Subject Access Request
Identifying a valid request, Excessive & Unfounded request, Locating the information requested, Collating, Redacting & Disclosure, Exemptions
• Requests from 3rd Parties:
Solicitors, Insurance Companies, Police, Others, Requests from Staff
• Complex requests - Case studies
• Information Commissioners Office -
Audits and Enforcement