Awareness

Ensure that everyone in your practice is aware of the Data Protection Act 2018 [1] and what is needed to comply with this legislation.

Put in place a policy that outlines your practice’s approach to data protection, confidentiality and information security (see Data Protection, Confidentiality and Information Security Policy template).

Train staff in the importance of information handling in line with the DPA 2018 [1] and maintaining confidentiality of personal data, and ensure staff are familiar with the practice policies on the handling of personal data (see Confidentiality and Disclosure of Information). 

Review your practice risk management processes and record the outcome of this.

• Policies and procedures within the practice need to reflect the requirements of the DPA 2018 [1] and the UK General Data Protection Regulations [2] and you should ensure that staff are aware of these.