answer text |
<p>Data processes and systems within the Federated Data Platform (FDP) will need to
comply with the Technology Code of Practice, Government Digital Service standards,
the Department’s guide to good practice for digital and data-driven health technologies,
the Data Protection Act 2018 and the United Kingdom’s General Data Protection Regulation,
Information Commissioner’s Office guidance and associated regulations, standards and
guidance.</p><p>To ensure that the FDP complies, the data sharing approach
will consist of: a Data Protection Impact Assessment (DPIA) for the procurement of
the FDP solution; an overarching DPIA to articulate the data security and protection
principles and lawful bases for deployment; purpose-specific DPIAs, which will be
drafted for each use case and will go through the formal approval routes within NHS
England prior to roll-out; and a legal mechanism for the sharing and processing of
data, to be agreed in consultation with NHS England Information Governance and legal
counsel.</p><p>The above activities will be concurrent and aligned with the procurement
process to ensure data protection by design and default principles are embedded, and
there is co-production of the final data sharing approach. This will ensure that
the lawful basis for the data sharing is identified, and the Common Law Duty of Confidentiality
is adhered to for all of the use cases.</p>
|
|