Although the EU General Data Protection Regulation (GDPR) does not come into force until May 2018, the scope of the changes under the new Regulation means that preparing for the GDPR will be high priority for the next 6 months. GDPR will need to be implemented alongside the New Data Protection Act which will both come into force on 25th May 2018.

You will need to carry out audits of the patient data and employee personal data that you collect and process to ensure that it meets GDPR conditions for patient and employee consent.

‘We have an opportunity to set out a new culture of data confidence in the UK’

New governance and record-keeping requirements mean that you will also have to create or amend policies and processes on privacy notices, data breach responses and subject access requests. There is a much greater emphasis on compliance following a widely-held belief that business up to now has not taken data privacy seriously enough. Possible penalties are considerably harsher and importantly now include small and medium businesses within the Public Sector. But, remember the new GDPR compliance requirements are not just and waving fines – it’s about realising that the data, upon which your business or practice is built, is managed in an appropriate, respectful, and lawful manner – and that the right levels of accountability and governance are applied by the practice.

There has never been a more important time to ensure that best practice is in place to secure patient and staff data, protect reputation and ensure compliance. A planned and structured approach is required to fully understand the necessary changes for both systems and user behaviour.

This workshop has been designed to be practical and easily digestible for those with responsibility and liability for Information Governance within the Primary Care sector. The day is facilitated by experts in both Information Governance and Primary and will be very interactive. It will be both detailed and practical and will seek to provide clarity and an objective approach in preparing for the GDPR.

At the PMA we pride ourselves on the understanding that one size doesn’t fit all and – therefore, we have various formats of our workshops and can adapt any programme / agenda to suit your local needs and necessaries – so, please get in touch to discuss your requirements.

Get in touch

Who should attend?

Don't miss opportunity to work with leading specialists in a series of full day workshops specifically focused on the ‘business’ aspects of General Practice.
  • General Practitioners

  • Practice Managers

  • Senior Practice Nurses

  • GP Administrator Managers

Learning Outcomes

Participants will gain an understanding of the demands of the Federating, merging and working at scale and the fundamental considerations around your practice in merger and partnership discussions. Different solutions will suit different practices and the people who work within them – so it’s crucial to be aware of the possibilities and opportunities that are available.

The GPFV 10 High Impact Actions will form a thread throughout the day as they represent a pivotal collection of ways to improve workload and improve care through working smarter, not harder.

  • Help practices lay the foundations for new models of integrated care
  • Understanding the delivery as part of a sustainable and high-quality NHS
  • The different options of working at scale
  • Identifying who you could collaborate with
  • How the change could affect your practice’s identity
  • Practicalities of merging – shared services & ‘back-office’ functions
  • The business considerations of merging, partnerships, federations and MCPs
  • Identifying the right services

Workshop Agenda

Below is an outline of the proposed agenda, if you have any questions please get in touch.

Welcome & Introduction

Open Forum – your challenges and concerns

Overview of the Programme & Objectives

What is GDPR? – what do we need to know?

Preparing for GDPR in the Primary Care sector

  • Understanding GDPR
  • The New Data Protection Act
  • Differences between New DPA & GDPR and DPA
    • what are your new obligations?
  • Brexit – does anybody know?
  • Roles & Responsibilities under GDPR
  • GDPR timeline for change

12 Steps to GDPR Compliance

  • What are they?
  • Friend or foe?

Understanding the steps

  • Awareness
    • Who needs to know what
    • The culture for compliance
    • GDPR and Staff training
    • Who needs to know what?
  • Data Management
    • Where are we now?
    • What is personal data?
    • Sensitive Data – handling special category data
    • Understanding the key risk areas
    • Tips on identifying and managing Data
    • Data audit
  • Communication – Policies and notices
  • Individuals’ Rights and The NEW Data Protection principles
    • Data Processing
    • The right to object to
    • The right to erasure
    • The right to access
    • The right of data portability
  • Subject Access Requests
  • Responding to data access requests

 Understanding the steps (cont.)

  • Lawful Processing
  • Consent
    • What does consent look like? And how to record it…
    • 3rd party consent
    • Explicit consent
  • Children
  • Children’s personal data

Recordkeeping and accountability

  • The role of the data controller
  • Responsibility and accountability
  • What does compliant record-keeping look like?
  • Recording processing activities
  • Understanding data impact assessments
  • Monitor and Review – audit of data risk management plan

 Achieve Data Protection by Design

  • Physical design
  • Systems design

 Detecting data breaches and procedures

  • Systems and detection of data breaches
  • Training staff to detect breaches
  • When and who to notify when a breach occurs
  • Informing the business/practice
  • Informing the regulator
  • Informing individuals
  • High risk situations – notifying the public
  • Enforcements and penalties

 Summary and Q&A


Get in touch

Contact the PMA now

If you would like more information about any of our workshops, the timings or adapting our programmes to your local needs / requirements, please call 0330 111 6459 or email

Please note that all workshops are delivered online as web workshop sessions – however, if you require face to face workshops, please get in touch and we will be happy to discuss this.

Get in touch

Join our vibrant community of over 50,000 today and benefit from our services

As a PMA member, you will benefit from regular news and updates on key issues and regulatory changes that affect GP practices. You will gain access to exclusive training and events that ensure you maintain currency of knowledge and skills. You will have the opportunity to meet and network with your peers from around the UK.

Join PMA