COVID-19 Data Programme GDPR and Cyber Security services

UK Health Sector organisation provides a range of emergency, urgent care and non-emergency health and logistic services. During the COVID-19 pandemic, UK Health Sector organisation also provided additional services as part of the Pandemic and Health Emergency Response Services (PHERS), as requested by the Secretary of State for Health and Social Care. The key service provided by UK Health Sector organisation was to mobilise and support pandemic telephony services through effective operational oversight and management. Due to the concerning nature of the Omicron variant, these telephony services were often stood up within 21 days, which created significant challenges.

In late 2021, Nimbus were invited to support UK Health Sector organisation in the delivery of the Pandemic telephony services through the provision of GDPR and Cyber Security subject matter expertise into the Pandemic Data Programme. The GDPR and Cyber Security challenge was significant: these complex public telephony services span multiple health organisations and third-party service providers, utilise both new and existing IT systems which often require multiple integrations, and are underpinned by clinical services such as safeguarding and non-clinical services such as sign-language and translation services.

We were able to embed our team for 15 months within the in-flight Pandemic Data Programme, utilising an industry-leading Privacy and GDPR framework to assess and advise on GDPR regulatory compliance, the applied cyber security controls, and the residual GDPR and Cyber Security risks to the information processed within the telephony services across their full lifecycle, from conception to dormancy.

The team documented Records of Processing Activities (ROPA), Data Sharing Agreements, Data Protection Impact Assessments (DPIA), Risk logs and Transparency Notices to ensure each service could evidence GDPR compliance to the regulator where relevant. Through applying our expertise, we contributed to improving the overall levels of GDPR compliance and the application of security controls, thereby reducing the overall information risk associated with each service. We also designed, built and created content for a SharePoint knowledge centre to ensure that the work the programme had undertaken could be used for future Pandemic preparedness. This knowledge centre provided guidance, hints, tips, templates, links and useful content to complement the programme evidence library. The knowledge centre was made available to key stakeholders, such as the data controllers, upon successful programme closure.

The team demonstrated their ability to provide valuable expertise and delivery within an extremely fast-paced, highly regulated and challenging Pandemic environment.
