This site is intended for health professionals only

At the heart of general practice since 1960

Read the latest issue online

CAMHS won't see you now

CCGs suggest charging GPs up to £1,800 for access to data protection officer

Exclusive Commissioners in parts of England have suggested they will charge GPs up to £1,800 a year to access data protection officers that are required under new laws, Pulse can reveal.

Under the new General Data Protection Regulation (GDPR), which came into effect on 25 May, GPs must designate a data protection officer (DPO) to monitor compliance to the law and act as a point of contact for patients requesting access to their data.

These can be appointed internally within the practice or externally by CCGs or health boards.

However, GP leaders have said CCGs charging for access to a data protection officer ‘shows a complete lack of understanding’ of the pressures facing GPs, arguing that commissioners should be supporting practices instead.

This comes after the BMA asked GPs to lobby their MP over the ‘unintended consequences’ of GDPR, which has forced practices to spend hours compiling patient records either ‘pro bono or in reality [out] of NHS resources’.

According to the Information Commissioner’s Office, data protection officers assist GPs ‘to monitor internal compliance, inform and advise on your data protection obligations… and act as a contact point for data subjects’.

BMA guidance states practices can designate their own officers, share an officer with other practices or appoint an external DPO that could be supplied by the CCG.

NHS Bedfordshire CCG told Pulse GPs would have to pay £1,800 each year to access a shared DPO through the CCG - but later claimed this was an 'early estimate'.

The CCG was unable to clarify what the current cost of the service is, while adding that practices could choose to appoint their own officer. So far, only one practice has signed up to use the CCG's data protection officer.

A spokesperson for the CCG said: ‘NHS Bedfordshire CCG has arranged for the provision of an enhanced GP IT service, which will supply a data protection officer to GP practices in Bedfordshire. If practices do not want to subscribe to this service, they are free to appoint their own data protection officer.’

Meanwhile, in NHS Telford and Wrekin CCG, all 14 local practices have signed up to pay £300 per year for an officer supplied by the CCG.

A CCG spokesperson said: ‘This role supports practice resilience and also encourages working at scale among practices and has been welcomed.’

But in NHS East Berkshire CCG, Pulse has learnt the CCG is acting as a DPO for its practices as an ‘interim measure’ at no cost, while practices in Doncaster have access to a collaborative DPO through the LMC, paid for as part of their statutory levy.

The new GDPR laws have meant GPs have to comply with requests for data from patients within one month and are no longer allowed to charge patients or solicitors for a copy of patient records.

NHS England guidance that was updated in anticipation of the new legislation states ‘CCGs can negotiate an enhanced GP IT service... as a call off agreement (i.e. chargeable to practices), under the main service contract for the provision of nominated individual(s) to practices that wish to designate a DPO from the service'.

But Dr Richard Vautrey, BMA GP committee chair, said CCGs should ‘extend their expertise to support practices’ as opposed to ‘levying charges against them’.

He said: ‘Given the workload pressures in general practice, it’s quite feasible for surgeries to collaborate with others to help manage this new burden placed on them…

'However, for any CCG to be charging for an appointed DPO to be contracted to a practice shows a complete lack of understanding of the pressures their practices are facing.’ 

An NHS England spokesperson said: 'CCGs have a responsibility to provide support for data protection officers in general practice.

'However, it’s a matter for individual CCGs whether they wish to go further and offer a DPO service which GP practices can buy into and, if so, how much it is reasonable to charge.'

Readers' comments (14)

  • Suggesting GP should be charged is free. I suggest we are paid to do data protection work in our surgeries. Ever time new guide lines comes we get more work and it need to be paid .

    Unsuitable or offensive? Report this comment

  • The Big plan: Cut more resources, create more bureaucracy and paper work. More rules to put the GPs at risk. More organisations to be paid for by the GPs under the guise of more protection for patients (does not matter if continuity of care or their GP goes). Make it so bad that the GPs will go and blame them when the NHS fails which it is already doing. Just need a scapegoat. Just like Bawa Garba. Managers and health minister gets off scott free. Good plan or am I just paranoid and need some pills? But I did give some real examples so I think not.

    Unsuitable or offensive? Report this comment

  • Paul C

    I cannot get your links to work.

    Unsuitable or offensive? Report this comment

  • I am not too sure that Dr Vautrey does not realise that CCGs have expertise in anything other than blocking innovation.

    Unsuitable or offensive? Report this comment

View results 10 results per page20 results per page

Have your say