This site is intended for health professionals only


Scottish GP practices to be supplied with free data protection officer

Health boards in Scotland will provide data protection officers to all GP practices to enable them to comply with data protection regulations, the Government has announced.

Speaking at the annual conference of Scottish local medical committees in Glasgow on Friday, health minister Jeane Freeman surprised delegates by stating that data protection officers would be supplied at no costs to practices.

The BMA, who had raised concerns with government about the impact of GDPR legislation on GPs and asked for officers to be put in place said the news was ‘extremely welcome’.

It differs from the situation in England where there have been a range of solutions proposed to help practices manage GDPR requirements with some CCGs suggesting they will charge GPs up to £1,800 a year to access data protection officers that are required under the new laws.

Dr Andrew Buist, chair of the Scottish BMA GP Committee said: ‘We have been concerned for some time about the impact of GDPR legislation and what the extra requirements to manage substantial amounts of data might mean both for GPs and wider primary care teams – and have been asking for DPO officers to be put in place.’

He added that the new Scottish GP contract had been designed to reduce workload and free up GP time and there had been potential for GDPR legislation to become a ‘real drain on a GPs time’ and it was important to have the right expertise in place.

‘That is why news that data protection officers will be provided to practices, at no cost to the practice, was extremely welcome.

‘It was well received at the conference when the Cabinet Secretary made the announcement, and will no doubt be well received when implemented across Scotland.’

Dr Chris Williams, clinical lead for IT for RCGP Scotland and member of a short-life working group on information sharing during contract negotiations said that while health boards had recognised that covering local GP practices was appropriate work for board-employed data protection officers, there appeared to be lack of enthusiasm in making any commitment and ‘concern was building’.

‘Many GPs and practice managers were feeling exposed that there was no clarity about how the steps needed to have a DPO,’ he added.

He said the announcement at the conference was greeted with warm and genuine applause.

‘This was not an area that LMC members had anticipated that progress would have been made.’