One West - Specialist Professional Services (logo)

One West – Information Governance & Data Protection

Information Governance and Data Protection in the UK this is enabled through the General Data Protection Regulations (GDPR) and the Data Protection Act (DPA). That’s where we come in.

In an increasingly digital age, it has never been more important to effectively safeguard and manage the personal data of individuals.

GDPR and the DPA provide a framework for our service to operate within, regarding the processing and protection of the personal data of individuals and the promotion of their rights.

Our teams Information Governance work is thus able to support service areas to ensure that new and existing systems and processes meet these demands.

Where new this includes being involved at all stages of the ‘build’ process, from procurement, through to assessment and guidance regarding the use of those systems in a safe and secure way by managing and mitigating risk.

Once a system is established our team continues to monitor the security and efficiency of these systems on an ongoing basis.

We work closely with partner organisations such as the BANES Care Commissioning Group (CCG), Virgin Care, Avon and Somerset Police, Avon and Wiltshire Mental Health Partnership as well as other Local Authorities.

This helps to deliver data sharing that promotes the security and welfare of residents across the South West.

In the Councils day to day business issues relating to the legislation are common. Thus our team also works with service areas as needed to provide interpretation of the legislation and guidance on how action can be taken.

Of note our team has supported the establishment of the Care Coordination Hub and the use of Shielded Patient data in response to COVID-19.

Ensuring that we operate within the boundaries of DPA and GDPR means that we provide our residents with an accessible and appropriate way to exercise their Data Protection rights, such as the ‘right to access’ (commonly referred to as ‘subject access requests’).

This right enables individuals to find out what information public authorities hold about them. Our team proactively seeks to ensure the integrity of information within the Council, but will manage, contain and carry out remedial action to correct any issues identified through data protection breaches/security incidents.

Our team has been engaged in working with regional organisations to build an integrated care record that will greatly assist in the delivery of direct care to residents.

Our team is  also responsible for Bath and North East Somerset Council’s statutory Data Protection Officer (DPO) role. This exists to give independent advice and guidance to the Council at all levels regarding the risks posed by emergent threats in Data Protection and more recently Cyber Security.

In our work we seek to ensure:

  • Clear policies, guidelines and good practice exist across the Council to support efficient and legal processing of personal and special category (sensitive personal) data.
  • Coordinated, comprehensive and timely responses (within statutory timescales) under the legislation to all corporate subject access requests. (SARs for the People and Communities directorate are dealt with separately by the Complaints CYP and Adults and Data Protection Team – also part of One West)
  • Support managers with access to employee records for the purposes of undertaking investigations.
  • Provide specialist expertise and support to Council officers and Senior Management on a variety of specific/complex enquiries and how they can achieve compliance with the DPA/GDPR.
  • Deliver bespoke training opportunities for different teams/service areas of the Council to improve their knowledge of the legislation and of information governance issues in general.

And when you need more:

  • We manage Internal Reviews to resolve and conclude any complaints received in response to SAR responses sent.
  • We liaise directly with the Information Commissioner’s Office (ICO) to resolve any complaints escalated past the Internal Review stage, and to report personal data breaches.

If you would like to know more the team to speak to is:

Information Governance Team

Tel  01225 396872 / 01225 396658