Information Governance at Terrence Higgins Trust

[vc_row][vc_column width=”2/3″][vc_single_image image=”2362″ img_size=”full” style=”vc_box_rounded” css_animation=”none”][ult_animation_block animation=”No Animation” animation_duration=”3″ animation_delay=”0″ animation_iteration_count=”1″][vc_column_text css_animation=”none”]Terrence Higgins Trust is the UK’s leading HIV and sexual health charity. They support people living with HIV and help those using the services to achieve good sexual health. They are an organisation that pride themselves on placing the service user and their privacy first.[/vc_column_text][dt_fancy_separator line_thickness=”2″][ultimate_spacer height=”10″][dt_vc_list dividers=”false”]
Challenge
Terrence Higgins Trust (THT) were already using the services of a Smartdesc Virtual IT Director and prior to the GDPR being introduced, THT needed a qualified Information Governance Practitioner to help guide their organisation through their compliance journey. THT needed to ensure that they were ready for the enforcement of GDPR and that a strategy was put in place before the regulation came into effect in May 2018.[/dt_vc_list][ultimate_spacer height=”10″][dt_fancy_separator line_thickness=”2″][ultimate_spacer height=”10″][dt_vc_list dividers=”false”]
Solution
After a formal tender process, Information Governance specialists from Smartdesc began to work with THT and focus on areas of improvement to ensure GDPR compliance. They were responsible for implementing key changes ready for when GDPR was enforced. This included some of the following:
- Completing the Data Protection and Security Toolkit
- Data Protection Impact Assessment completion for high risk data processing
- Raising awareness through training
- Advice and guidance on all Information Governance Policies and Procedures.
Smartdesc have provided support to THT through the successful completion of the Data Security and Protection Toolkit (formally the Information Governance toolkit). The Data Security and Protection Toolkit is an NHS online tool that organisations must complete to evidence their compliance with data protection law.[/dt_vc_list][/ult_animation_block][/vc_column][vc_column width=”1/3″ css=”.vc_custom_1695139414639{border-radius: 1000px !important;}”][ult_animation_block animation=”fadeInDown” animation_duration=”2″ animation_delay=”0″ animation_iteration_count=”1″][ultimate_ctation ctaction_background=”#ffcfbf” ctaction_background_hover=”#ffe5dd” ctaction_padding_top=”30″ ctaction_padding_bottom=”30″ ctaction_padding_left=”18″ ctaction_padding_right=”18″ highlight_margin=”margin:2px;” el_class=”borderRadius”]
Mark Brookfield, Head of Quality and Compliance, Terrence Higgins Trust –
“We employed Smartdesc to review our Information Governance policies and processes to ensure that, as an organisation who deal with sensitive personal information, we could evidence our compliance with GDPR & the NHS Data Security Toolkit.
Their work, professionalism and comprehensive knowledge has made a significant difference to the understanding of Information Governance amongst staff, not only through streamlined processes and updated policies, but also through training that they developed and rolled out to both staff and volunteers.
We’ve seen a significant increase in staff understanding of data protection related issues as a result of their work and have been able to provide the Trustees with assurance of our current practices.”
[/ultimate_ctation][ultimate_spacer height=”30″][vc_single_image image=”2361″ img_size=”large” alignment=”center”][/ult_animation_block][/vc_column][/vc_row][vc_row margin_top=”-90px”][vc_column css=”.vc_custom_1699009127693{margin-top: -10px !important;}”][vc_column_text]Smartdesc continue to help with operational Information Governance requirements such as leading on Data Protection Impact Assessments, completing Subject Access Requests and other queries around individual’s rights, implementing and updating privacy notices, policies, processes and procedures to ensure they meet the requirements set out within data protection law.[/vc_column_text][dt_fancy_separator line_thickness=”2″][ultimate_spacer height=”10″][dt_vc_list dividers=”false”]
Results
- Confidence when processing personal information.
- Improved policies and procedures.
- Embedded ‘privacy by design’ approach.
- Staff are GDPR trained and aware of their responsibilities.
[/dt_vc_list][ultimate_spacer height=”10″][/vc_column][/vc_row]