NHS Digital suffered a data breach in July that resulted in the confidential information of 150,000 patients being shared without their permission.
The breach affected national data opt-out (formerly type 2 opt-out) patients. National data opt-out is used when patients only consent to their data being used for their individual care.
Although the breach was blamed on a ‘coding error’, and there is no risk to patient data, it demonstrates a blatant failure of NHS Digital’s information security management practices.
It also highlights the importance of organisations knowing what information security risks they face within the supply chain.
Organisations need to be aware of how data is processed throughout the business and whether it is held in multiple locations or formats that all need updating. Failure to understand this and the risks involved could leave you vulnerable to data breaches and unable to respond effectively should a breach occur.
What can be done?
With data breaches on the rise, compliance with the EU GDPR (General Data Protection Regulation) should be a priority for all organisations.
You might be surprised at how much data you are processing and how extensively it travels through your organisation, but it all needs to be accounted for.
To effectively map data and the information flow, you need to understand it, describe it and identify its key elements. The best method to do so is to use a data mapping tool.
What is the Data Flow Mapping Tool?
Vigilant Software’s Data Flow Mapping Tool simplifies the process of creating data flow maps to help you meet the terms of the GDPR. It gives you full visibility over the flow of personal data through your organisation, with a thorough understanding of what personal data you process and why, where it is held and how it is transferred.