A combination of 2 and 3 sounds like the pragmatic approach to this one!!
Regards,
Peter
Peter Dinsdale
Data Protection Consultant
Perfect Image /
T: 0191 238 0111
www.perfect-image.co.uk
Follow us on Twitter http://twitter.com/perfectimage
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 01 March 2018 10:14
To: [log in to unmask]
Subject: [data-protection] Unravel This One
I am currently working as DPO for an NHS Foundation Trust.
This Trust is 'host' for a Local Clinical Research Network (LCRN). The LCRN is part of the National Institute for Health Research (NIHR). There is an extensive 'contract' (this is an NHS contract!) between the LCRN and the Trust as host. LCRN staff are employed by the Trust and are subject to all its policies and procedures including audit data protection and security and training (but with at least one apparent exception referred to below).
In law neither NIHR nor LCRN have a legal existence and are not registered as data controllers. They are part of the Department of Health (DH). FOI requests to the LCRN appear to be referred to DH (the exception I referred to). The LCRN does however report to NIHR and ultimately DH and is funded by and accountable to them.
So am I (post 25 May at least) the DPO for the LCRN? I have not been (for them) appointed by the data controller. I do not report to the Data Controller's senior management. On the other hand DH's DPO will have no practical interface. In practice LCRN will look to Trust IG and DPO for advice and support on compliance issues under the 'contract'.
Should we just get on with it and pretend that the Trust is data controller? That has obvious implications of conflict e.g. where Trust and LCRN share data. Can DH appoint me as DPO for these purposes - it would need a separate service contract and Article 37 and WP 243 do not seem to contemplate a controller having more than one DPO.
I can see three solutions.
1. Accept that for some things at least Trust is a processor for DH, get all the relevant processing and sharing agreements in place (ho ho) and co-operate with DH's DPO (ho ho ho ho) 2. Ignore it and concentrate on doing what's right to protect the data and comply with the principles. If at some remote future date there is found to be a technical administrative breach the risk of a fine is minimal and ICO can draft the undertaking to sort out the mess (hee hee).
3. Go out and build a snowman
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________
________________________________
Save paper, please think twice before printing this email.
Equinox House | Cobalt 3.2 | Cobalt Business Park | Silver Fox Way | North Tyneside | Newcastle upon Tyne | NE27 0QJ
T. 0191 238 0111 | F. 0191 238 0127 | Service Desk Direct Line. 0191 238 0121
Perfect Image Ltd. Registered in England & Wales. Company Registration Number: 2650067
Registered Office: Equinox House, Cobalt 3.2, Cobalt Business Park, Silver Fox Way, North Tyneside, Newcastle upon Tyne, NE27 0QJ
This e-mail is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not represent those of Perfect Image Ltd. If you are not the intended recipient, please notify us at [log in to unmask] and be advised that you have received this mail in error and that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|