Could the impending implementation of the EU General Data Protection Regulation (GDPR) actually be the catalyst for strengthened NHS cybersecurity?
Don’t be fooled by the EU prefix. Despite the triggering of Article 50 and the Brexit process, GDPR remains a reality. Not only does it come into force before the UK will have left the European Union, but both the government and information commissioner have confirmed the regulation will still apply. That means much tougher penalties under the Data Protection Act remit, and it also means plenty of changes when it comes to how organisations handle, protect and move personal data. Using my principle of picking the positive out of a crisis, I can see that the realities of GDPR should help drive cybersecurity issues further up the agenda of NHS trusts. That has to be a good thing.
