NHS trusts spend more than £1m on GDPR compliance efforts, claims report

NHS trusts have spent between £500 and £111,200 on GDPR compliance

NHS Trusts across the country have so far spent more than £1 million on preparations for the forthcoming EU General Data Protection Regulation (GDPR).

According to new research from the Parliament Street think tank, 46 trusts have spent a combined total of £1,076,549 on appropriate measure in a bid to become GDPR-compliant.

The study, called Getting the NHS Ready for the GDPR, provides an insight into how the NHS is preparing for the new law. It is set to come into force next month.

Luton and Dunstable Hospital Foundation Trust tops the list, having spent £111,200 on GDPR implementation and training

Many trusts have spent large sums on software, staff training, secure email systems for patient records and specialist GDPR training schemes.

The Luton and Dunstable Hospital Foundation Trust tops the list, having spent £111,200 on GDPR implementation and training to boost understanding among employees, according to Parliament Street.

Another big spender is the Lincolnshire Partnership NHS Foundation Trust, which has set aside £106,915 for GDPR staffing and training.

Meanwhile, the Royal Derby Hospital and Goodmayes Hospital only allocated £500 for GDPR implementation - it also claims to be spending the princely sum of £70 a month for a secure email system to protect patient records.

And the South Central Ambulance Service NHS Trust and St George's University Hospitals NHS Foundation Trust have both spent £95,000 on preparations, focusing on "research, analysis and resourcing".

This new legislation will increase pressure on hospitals to improve standards of data processing and introduce more stringent policies for managing information

Nick Felton, senior vice president of MHR Analytics, said that healthcare organisations are greatly affected by GDPR because of the sensitive nature of patient records.

"The incoming GDPR poses significant challenges to health trusts, which are tasked with managing highly confidential patient data and critical medical documents," he said.

"This new legislation will increase pressure on hospitals to improve standards of data processing and introduce more stringent policies for managing information securely. It will also require trusts to develop blueprints for notification of privacy and data breaches."

Felton said that while the NHS is grappling with budget cuts, it still needs to invest in the latest security mechanisms to protect employees and patients.

He added: "With NHS resources already under strain, it is important that the health service moves quickly to meet the GDPR compliance deadline, particularly when the consequences of failing to do so include significant fines.

"Key to achieving this is for trusts to gain full control of all data and improving its quality to make better decisions for the long term."