Outsourced Data Protection for health & social care.
Affordable access to expert privacy advice you can trust.
What is outsourced Data Protection?
GDPR is explicitly clear that no-one can outsource their legal responsibilities to comply with all the laws that relate to data protection. However you can outsource the expertise and experience required to fully understand what those responsibilities are.
A Data Protection Officer (DPO) is a legally defined role under GDPR, responsible for providing independent expert advice and support to a business. Not everyone must have a formally registered DPO, but every business must have someone adequately skilled to ensure compliance. DPOs can be outsourced and, in many cases it is a better approach than assigning the role to an employee.
Support can be provided on a straightforward Subject Matter Expert (SME) basis - answering questions and providing advice as needed, or as a formal DPO registered with the ICO with the legal responsibilities that come with that.
A DPO’s remit is wider than checking for compliant paper work, they are there to support the operational compliance of a business’ actions, reducing risks and improving trust of data subjects.
What are the benefits?
Low cost - Most smaller business do not need a DPO full time. Outsourcing gives access to knowledge and experience at a small fraction of the cost of employment or training.
Expert - Experienced data protection experts are hard to find and expensive. Outsourcing gives you access to professional quality advice that you can trust, with a deep experience of the unique aspects of the health and social care sector.
Independent - A legal requirement of a DPO is that they must be independent and not involved in the operational decision making in a business (you can’t mark your own work). This is often a tough ask in smaller businesses where it’s ‘all hands on deck’ .
Risk reduction - Although compliance can seem like a cost that drops to the bottom line, good advice can dramatically reduce the real financial risks that non compliance brings. Although the headlines talk about the €20M statutory fines, the real costs are being felt in civil claims (a right of data subjects under GDPR), and increased employment law settlements where staff details are involved.
What does it cost?
We understand that predictability of cost is important, especially for smaller businesses. Our packages are deliberately very competitively priced (check around) to enable as many organisations as possible to benefit from sector leading best practice advice. They won’t meet every need, so if you’ve got a specific requirement let us know and we will put together a proposal.
£100/mo
Phone and email helpdesk
Specialist health and social care sector data protection advice
DPA, GDPR, Caldicott, PECR, H&SCA
Single operating site
£300/mo
Advice PLUS
Appointed as DPO (if required)
Annual health check (on-site)
Best practice policy and procedure templates
Document and contract reviews
Risk assessment support
Breach support
£550/MO
Advice PLUS
2-5 operating sites
Appointed as DPO (if required)
Annual health check (on-site)
Best practice policy and procedure templates
Document and contract reviews
Risk assessment support
Breach support
£POA
e.g.
Larger business
Franchiser business model
Multiple care services
National / international operations
Tech enabled operations