Case Study
Information Governance at Terrence Higgins Trust

Challenge
Terrence Higgins Trust (THT) were already using the services of a Smartdesc Virtual IT Director. Prior to the GDPR being introduced, THT needed a qualified Information Governance Practitioner to help guide their organisation through their compliance journey.
THT needed to ensure that they were ready for the enforcement of GDPR and that a strategy was put in place before the regulation came into effect in May 2018.
“We employed Smartdesc to review our Information Governance policies and processes to ensure that, as an organisation who deal with sensitive personal information, we could evidence our compliance with GDPR & the NHS Data Security Toolkit.
Their work, professionalism and comprehensive knowledge has made a significant difference to the understanding of Information Governance amongst staff, not only through streamlined processes and updated policies, but also through training that they developed and rolled out to both staff and volunteers.
We’ve seen a significant increase in staff understanding of data protection related issues as a result of their work and have been able to provide the Trustees with assurance of our current practices”
Mark Brookfield, Head of Quality and Compliance - Terrence Higgins Trust
Solution
After a formal tender process, Information Governance specialists from Smartdesc began to work with THT and focus on areas of improvement to ensure GDPR compliance. They were responsible for implementing key changes ready for when GDPR was enforced.
This included some of the following:
- Completing the Data Security and Protection Toolkit
- Data Protection Impact Assessment completion for high-risk data processing
- Raising awareness through training
- Advice and guidance on all Information Governance Policies and Procedures.
Smartdesc have provided support to THT through the successful completion of the Data Security and Protection Toolkit (formerly the Information Governance toolkit). The Data Security and Protection Toolkit is an NHS online tool that organisations must complete to evidence their compliance with data protection law.
Smartdesc continue to help with operational Information Governance requirements such as leading on Data Protection Impact Assessments, completing Subject Access Requests and other queries around individuals’ rights, and implementing and updating privacy notices, policies, processes and procedures to ensure they meet the requirements set out within data protection law.
Results
- Confidence when processing personal information.
- Improved policies and procedures.
- Embedded ‘privacy by design’ approach.
- Staff are GDPR trained and aware of their responsibilities.