Case Study - Information Governance at Terrence Higgins Trust

Copy of Copy of Black And Blue Modern Marketing Outdoor Banner (2000 × 2000px) (2000 × 1000px) (2000 × 800px) (LinkedIn Article Cover Image) (35)

Terrence Higgins Trust is the UK’s leading HIV and sexual health charity. They support people living with HIV and help those using the services to achieve good sexual health. They are an organisation that pride themselves on placing the service user and their privacy first.

Challenge

Terrence Higgins Trust (THT) were already using the services of a Smartdesc Virtual IT Director and prior to the GDPR being introduced, THT needed a qualified Information Governance Practitioner to help guide their organisation through their compliance journey.

THT needed to ensure that they were ready for the enforcement of GDPR and that a strategy was put in place before the regulation came into effect in May 2018.

Solution

After a formal tender process, Information Governance specialists from Smartdesc began to work with THT and focus on areas of improvement to ensure GDPR compliance. They were responsible for implementing key changes ready for when GDPR was enforced. This included some of the following:

Completing the Data Protection and Security Toolkit
Data Protection Impact Assessment completion for high risk
data processing
Raising awareness through training
Advice and guidance on all Information Governance Policies and Procedures.

Smartdesc have provided support to THT through the successful completion of the Data Security and Protection Toolkit (formally the Information Governance toolkit). The Data Security and Protection Toolkit is an NHS online tool that organisations must complete to evidence their compliance with data protection law.

Mark Brookfield, Head of Quality and Compliance, Terrence Higgins Trust –

“We employed Smartdesc to review our Information Governance policies and processes to ensure that, as an organisation who deal with sensitive personal information, we could evidence our compliance with GDPR & the NHS Data Security Toolkit.

Their work, professionalism and comprehensive knowledge has made a significant difference to the understanding of Information Governance amongst staff, not only through streamlined processes and updated policies, but also through training that they developed and rolled out to both staff and volunteers.

We’ve seen a significant increase in staff understanding of data protection related issues as a result of their work and have been able to provide the Trustees with assurance of our current practices.”

Smartdesc continue to help with operational Information Governance requirements such as leading on Data Protection Impact Assessments, completing Subject Access Requests and other queries around individual’s rights, implementing and updating privacy notices, policies, processes and procedures to ensure they meet the requirements set out within data protection law.

Results

Confidence when processing personal information.
Improved policies and procedures.
Embedded ‘privacy by design’ approach.
Staff are GDPR trained and aware of their responsibilities.

Information Governance at Terrence Higgins Trust