WATCH OUR information videos

Click here to watch our session on "What is Data Protection?" from our Information Governance Leads and Data Protection Officer


Click here to meet our Head of Risk Assurance & Data Protection Officer


Click here to hear why getting Data Protection right is important for your business


Information Governance, (IG), is a framework for handling personal information in a confidential and secure manner to appropriate ethical and quality standards in a modern health service. It also provides a consistent way for employees to deal with the many different information handling requirements.


Good IG practice ensures necessary safeguards for, and appropriate use of, corporate, patient and personal information. It is of paramount importance that information is managed efficiently and effectively and that appropriate policies, procedures, management accountability and structures provide a robust governance framework for information management.


Here at Mid Mersey Digital Alliance, (MMDA), we recognise that IG and Data Protection compliance, whilst vital, can be time-consuming and may provoke worry and doubt due to its complexity and specialist legal knowledge required.


We are specialist providers of both IG Management and Data Protection Officer services in a flexible and tailored manner, generating an ethical and effective approach, with the primary aim of safeguarding patient and personal data (this includes employees where applicable).


Our Team have over 40 years of IG and DPO experience, and with a proven track record in supporting health and care organisations to achieve and maintain IG compliance.  Our IG Team are provide answers to your IG and data protection queries, solutions and improvements in a rapid, comprehensible, and manageable manner with our IG Compliance Plan.


The MMDA IG Compliance Plan is designed to ensure that your organisation meets its legal obligations and requirements concerning confidentiality and data security standards.


Our IG team will provide the expertise and experience necessary to ensure that your organisation has the highest quality IG Management and Data Protection Officer services to ensure you have an effective and efficient IG programme which supports current legislation.


Our IG team are BCS Data Protection Practitioner Level qualified with years of experience from a variety of NHS organisations and are well-versed in all related legislation and national standards, including: Data Protection Act 2018, UK General Data Protection Regulation, the Common Law Duty of Confidentiality, Records Management Code of Practice and the Caldicott principles.


  • Advice and support – to deal with questions and queries in connection with the Data Protection Act and UK GDPR

  • Data Protection Impact Assessments (DPIAs) assistance – mandatory under UK GDPR that risks are assessed where personal data is being processed

  • Advice on sharing and processing data with other NHS Partners and 3rd Parties – there must be a legal basis to do so

  • Compliance with Information Asset Registers (IAR) - a record of all processing activities of personal data must be kept

  • Compliance with Data Flow Mapping Registers (DFM) – ensuring that all access to data coming in and going out is risk assessed

  • Provision of policies and guidance materials. Provide template and policies, procedures, and logbooks, as well as sharing knowledge and experience for audits, and CQC inspections

  • Privacy Notice compliance – patients need to be fully informed about the use of their personal data this must be outlined in a Privacy Notice

  • Annual training – ensuring staff are up to date and compliant with legislation and the Data Security & Protection Toolkit

  • Contracts – relevant UK GDPR clauses must be included in contracts

  • Data Processing Agreements (DPA) – ensure these are in place of required

  • Bespoke Training – usually following a serious incident or persistent incidents

  • Audits & Spot Checks - to ensure IG controls have been implemented

  • Record Management advice

  • Regular Data Protection updates / communications

  • Data Security and Protection Toolkit (DSPT), Support: Advice and guidance for your DSPT annual submission. 


  • Providing a named Data Protection Officer (DPO)

  • Monitoring compliance with UK GDPR and data protection laws

  • Providing advice for continued compliance and improvement

  • Incident management: Identifying whether an incident has occurred and advise in relation to reporting any incidents to the Information Commissioner’s Office (ICO)

  • Supporting your investigation in the event of any incidents or breaches

  • Acting as liaison with the Information Commissioners Office


UK GDPR legislation states that organisations who manage and process data must have a named data protection officer, (DPO), who must be able to inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the Information Commissioner's Office (ICO), as well as be responsible for investigations and reporting to the ICO in the event of a data breach – it’s a responsibility that can take up a lot of time for your nominated DPO.


MMDA can provide these services separately or as a bundled package.


By using our IG Management and DPO Services you can be confident that all data your organisation handles is managed legally, securely, efficiently and effectively, whilst empowering staff within your organisation to perform their role using key information governance principles, generating a sustainable data security framework and facilitating first class patient care.


Click here to see our IG and DPO Brochure


Email us at to find out more


Designed and produced by Cube Creative Ltd