Public Services > Healthcare

NHS Trusts cough up over £1m on GDPR

David Bicknell Published 13 April 2018

Research shows wide divergence in spending on getting ready for data protection regulation, ranging from £500 to £111,000


NHS Trusts have spent over £1m, preparing for incoming EU General Data Protection Regulation (GDPR), according to research from the Parliament Street think tank.

The findings are contained in a report , “Getting the NHS Ready for the GDPR” published this which reveals that 46 trusts have spent £1,076,549 on GDPR.

The report provides insight and analysis into how NHS trusts are preparing to comply with the legislation, including spending on software, staff training, secure email systems for patient records and specialist GDPR consultancy.

The figures for trusts show a huge range in financial resourcing, ranging from just £500 spent by the Royal Derby hospital compared with £111,200 in the case  of Luton and Dunstable Hospital Foundation Trust, which set aside the budget for staff support and training.

Goodmayes Hospital also spent comparatively little, earmarking £500 with an additional £70 a month on a secure email system for sending patient records. Alder Hey Children's NHS Foundation Trust spent £553 on practitioner training while Cheshire & Wirral Partnership NHS Foundation Trust spent £662 on training along with an exam.  

Other big spenders included Lincolnshire Partnership NHS Foundation Trust which spent £106,915 on staffing and training, including £1,755 on specialist training.

South Central Ambulance Service NHS Trust also set aside £95,000 for GDPR, a figure matched by St George’s University Hospitals NHS Foundation Trust which spent the money on ‘research, analysis and resourcing’. 

The report recommended that the NHS should establish a national programme for managing and funding GDPR and lobby the Treasury for extra funding to support it. It also suggested that the government should look to provide dedicated legal advice in the form of solicitors and specialist counsel to enable all trusts to gain free consultancy on implementation. It also argues that a national NHS GDPR strategy should be established, bringing together lawyers, chief information officers and CEOs to ensure consistency between trusts

Nick Felton, SVP, MHR Analytics said, “The incoming GDPR poses significant challenges to health trusts, which are tasked with managing highly confidential patient data and critical medical documents. This new legislation will increase pressure on hospitals to improve standards of data processing and introduce more stringent policies for managing information securely. It will also require trusts to develop blueprints for notification of privacy and data breaches. 

“With NHS resources already under strain, it is important that the health service moves quickly to meet the GDPR compliance deadline, particularly when the consequences of failing to do so include significant fines. Key to achieving this is for trusts to gain full control of all data and improving its quality to make better decisions for the long term.”

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.