St Andrew’s Healthcare begins digital transformation plan

The mental health charity is to oursource its IT function to the company Advanced in a multimillion-pound deal

The mental health charity St Andrew’s Healthcare has embarked on a multimillion-pound digital transformation project, the charity has confirmed.

It said the digital transformation programme would be rolled out at the charity over the next five years.

The full cost of the programme was not disclosed, but it is understood to be worth several million pounds.

The programme will see the charity outsource its IT to the IT firm Advanced, and the company will take over all of the charity’s digital services.

The first phase of the programme will focus on mitigating external security risks, with Advanced overseeing the management of the charity’s existing infrastructure.

This will be followed by a change-management plan focused on digital transformation, providing mobile technology to help staff, patients and their families, and enabling suppliers to have secure access to the charity’s systems while protecting core systems.

Leslie Ross, director of business change and IT at St Andrew’s Healthcare, said: “The whole world has changed, especially over the past two years, which have seen cyber security become front-line news. Some industries, such as financial services, are geared up for this evolution, but the rest of the world is still hugely vulnerable.

“It’s time for us to step up to ensure we mitigate future risks, while becoming more mobile, agile and connected, as well as meeting St Andrew’s strategy and digitisation plans.”

Roy Wood, managing director of Advanced, said: “As a forward-thinking mental healthcare charity living in a digital world, St Andrew’s has recognised the importance of reimagining its organisation in order to meet staff, patient and regulatory expectations.

“Putting its faith in Advanced is testament to the success we’ve achieved in advising and transitioning other healthcare organisations.”

Source link

DCMS announces plan to enshrine GDPR in law

The Data Protection Bill includes clauses that allow the UK to maintain the General Data Protection Regulation even after it leaves the EU

The Department for Digital, Media & Sport has announced plans to formally bring the General Data Protection Regulation into British law in its new Data Protection Bill.

The EU’s GDPR legislation is due to come into force on 25 May 2018 and will bring in stricter requirements for organisations that process data than are currently required under the Data Protection Act 1998 and will allow the Information Commissioner’s Office to levy fines of up to £17m or 4 per cent of global turnover on organisations that breach the rules.

A statement of intent on the proposed bill, published today, makes it clear that the government intends to maintain the requirements of the GDPR even after the UK leaves the EU in March 2019.

It acknowledges that the GDPR applies only to areas of law for which the EU has oversight.

But it adds: “This means that our own laws will need to apply data protections to other areas, and we intend to apply substantively the same standards to all general data in order to create a clear and coherent data-protection regime.”

Although charities will be required to adhere to the GDPR across all aspects of their work, the most controversial area it will have an impact on is fundraising, and the statement of intent reiterates the government’s commitment to enforce the GDPR’s more stringent requirements on consent.

“We will ensure that the default reliance on the use of default opt-out or pre-selected ‘tick boxes’ – which are, in any case, largely ignored – will become a thing of the past,” it says.

In a letter to stakeholders accompanying the announcement, Matt Hancock, the Minister of State for Digital, said the government would work with the Information Commissioner to ensure that guidance was available to help organisations navigate the new requirements.

Latest headlines

Daniel Fluskey, head of policy and research at the Institute of Fundraising, said: “Reading today’s announcement, we understand that the new Data Protection Bill’s focus is on bringing the GDPR requirements into domestic law ready for the post-Brexit world.

“Charities are continuing to adapt and change how they work, not just to meet new legislative requirements, but to ensure that they are giving the best experience to their supporters. We’ll be looking closely at the details when the bill is published later in the year to ensure any issues affecting fundraisers are considered in the new legislation.”

The DCMS also published the responses to its consultation on the areas of the GDPR where the UK has been able to exercise some discretion in how the law is applied.

The Charity Commission was among those organisations that responded to the consultation.

In its response, the regulator expressed concerns about the GDPR’s requirements for processing sensitive personal data, particularly concerning someone’s criminal convictions, which say that only “bodies vested with official authority” can process such information.

It is not clear whether this would include the commission, and the commission expressed concern that it could “significantly impede its regulation of charities” if it was unable to access information about someone’s previous convictions that would disqualify them from serving as a trustee.

But in its statement of intent, the government says it listened to such concerns and would legislate to extend the right to process personal data on criminal convictions and offences to other organisations.

A spokesman for the DCMS said the bill would be put before parliament after the summer recess and the government was committed to ensuring it was passed before the GDPR came into force.

Source link