NHS trusts spend £1 million to prepare for GDPR

Healthcare bodies invest in software tools and staff training, FoI reveals

The NHS is underprepared for GDPR despite the data protection law coming into force in just six weeks, according to new research.

Trusts have spent more than £1 million collectively on updating systems for the legislation, which aims to hand EU residents more control over what companies do with their personal data, and introduces tougher fines for firms who misuse that data.

Think tank Parliament Street asked NHS trusts across the UK to share their current expenditure and their projected expenditure for the next year on preparing for GDPR, and specifics about how the money is being used, collating the information in a report titled 'Getting the NHS ready for the GDPR'. 

The Freedom of Information requests revealed a total of £1,076,549 had been spent across the 46 trusts that responded, of 84 approached, including expenditure on consultancy, secure email systems, software, staffing and training.

Citing Digital Health Alliance research that shows only 55% of acute trusts and 47% of mental health trusts have an implementation plan for the legislation, the report said: "This suggested that around half of trusts are properly equipped with a plan to tackle this complex legislation.

"A key issue for the NHS is how they manage and secure sharing of confidential patient records and data, which is extremely sensitive and personal to individuals."

The think tank argued that GDPR implementation would add further strain to NHS resources already struggling with rising costs for social care.

Luton and Dunstable Hospital Foundation Trust spent the most on its preparation - £111,200 - targeting resources at staff support and training, while Lincolnshire Partnership NHS Foundation Trust, the only other trust to spend more than £100,000, allocated funds toward staffing and training - including £1,755 on specialist training.

The lowest-spending trusts, committing less than £1,000 each on GDPR preparation, included East Kent Hospitals University NHS Foundation Trust, Rotherham Doncaster and South Humber NHS Foundation Trust, Cheshire & Wirral Partnership NHS Foundation Trust, Alder Hey Children's NHS Foundation Trust, Goodmayes and Royal Derby Hospitals.

The low-spending NHS trusts IT Pro spoke with were keen to point out expenditure was not correlative with or reflective of their level of preparedness.

A spokesperson for the Department of Health and Social Care said it has worked with partners to develop "a comprehensive suite of guidance products" to support the implementation of the General Data Protection Regulation in May.

They added: "GDPR will replace the current Data Protection Act and will set a more robust framework for how we collect, store and share data across the health and care system in future. In addition to the guidance produced by the NHSE-led GDPR working group, there is considerable information and guidance available, particularly from the Information Commissioner's Office."

As part of its research, the think tank also discovered additional detail on how trusts were spending their resources. For example, the Christie NHS Foundation Trust spent £54,000 on an Information Security Management System and consultancy resources, while the Queen Elizabeth Hospital King's Lynn NHS Foundation Trust spent almost £11,000 on a data flow and mapping licence, software training and configuration consultancy.

Among its recommendations, Parliament Street proposed that the NHS establish a national programme for managing and funding GDPR - bringing together lawyers, CIOs and CEOs to ensure consistency between trusts - and lobby the Treasury for extra support.

In addition, the government should provide dedicated legal advice in the form of solicitors and specialist counsel to enable all trusts to gain free consultancy on implementation, the report said.

The East Kent, Rotherham Doncaster and South Humber, Cheshire & Wirral and Alder Hey trusts, as well as the NHS itself, were approached for comment.
