About our Services

KWJCL specialises in finding answers to the often-put information sharing questions “How can we do this?” and “How should this be done?”. That includes ensuring that legal basis is always established to comply with GDPR.

We work with national guidance from a variety of organisations to find the right answer for you and we are very operationally focussed.

KWJCL’s range of expertise also covers associated services, such as enabling the provision of remote services through to frequent attenders or the legal issues linked to waiting times initiatives.

Our Service approach allows for support to be provided by our current and growing number of consultants, extending what we are able to provide. In more recent times our services have been utilised to develop and support new initiatives and services.

Our consultants have developed over time many key skills and understandings which enable us in partnership to provide:

• Ability to understand the individual service and the environment it is working in: 
• The current challenges for organisations as well as the wider Health and Social Care activities.
• Specific areas knowledge of the ICB  plans, including having been involved at ICB level 
• Identification and cascade of wider / complex issues into relevant communications and activity that is needed (MUST, SHOULD and COULD) context for the individual client
• Ability to work at all levels and support leadership (vital part of the SIRO/Caldicott functions) 

Based on new NHS pay rates have you done any work linked to how we can show we may be cheaper than perm staff?

Fulltime NHS staff are worth every penny but the market is starting to mean that we may be cheaper.

By using our service on a contract you can achieve the DSPT V7 A1.b Statement "Key roles are missing, left vacant, or fulfilled on an ad-hoc or informal basis"

There are several options available to organisations:

Option One

• Bring in a single individual for a defined period to “do the job”
• There will be dependencies on availability plus having a single point of failure

Option Two

• Bring in a service option for the same day rates where the service undertakes what is commissioned
• That means access to at least two (+) staff who have the suitable experience to support what has been commissioned and will deliver as a project
• For your client that may be of benefit as it is wholly owned by the Council and we have experience of supporting organisations where they are the client but there are complexities around that legal relationship with the 100% owner

• Given that this is a service, there is no single point of failure
• There is also a consensus approach based on skills mix linked to whether documentation is consistent across multiple standards – basically it is an enhanced quality check process

Costings

• We work on the basis that there is no difference in costings between Option One and Option Two   
• The day rate is the same if one person were to work on a document or if three worked on the same document

Services we Provide

Information Governance Service

• Complete management of their Mandatory NHS DS&P Toolkit submission - evidence (collation and creation) and improvement plans.
• Data Protection - Review of Data Protection Impact Assessments (DPIA) and providing assurance to senior management, Review of data sharing agreements in line with NHS Standard Contract requirements, organisations or individuals with data protection concerns. Acting as the first point of contact with the Information Commissioner linked to incidents or incident investigation, Support for Contract reviews and procurement activity in relation to Data Protection as needed, First point of contact with Data Subjects for Data Protection concerns, Provide regulatory Advice on Data Protection
• Information Governance service. Incident management, General IG queries and support (including remote help desk support), Data Security & Protection Toolkit, GDPR compliance – Brexit activity, Attendance at core Trust / Local / national meetings, Policy review and updating, DPIA review.
• Freedom of Information Service. Acknowledge all new request, indicating response time, Progress internally, Progress with DPO Service if issues encountered, Develop final response, Sign off commissioner (if required), Release.
• Information Governance development improvement service. Implementation and development of Data Flow mapping software and / or information asset software or process (includes system level security policy process).
• Specialist IG Training: Caldicott and SIRO, Subject Access request, Information asset owner / administrator training, Freedom of Information, Record management
• Covid 19 Support. Fast Track decision support making activity, Attendance at local / national COPI meetings, Creation of Covid register of processing activity, Review of Covid activity and development of exit strategies, Provision of best practice guidance

Data Protection

• Review of Data Protection Impact Assessments (DPIA) and providing assurance to senior management,
• Review of data sharing agreements in line with NHS Standard Contract requirements, organisations or individuals with data protection concerns.
• Acting as the first point of contact with the Information Commissioner linked to incidents or incident investigation, Support for Contract reviews and procurement activity in relation to Data Protection as needed
• First point of contact with Data Subjects for Data Protection concerns, Provide regulatory Advice on Data Protection

Data Protection Officer

• Certain organisations from May 2018 are now required to appoint a Data Protection Officer (DPO) or have access to a service that provides this function.
• As a role/service this is a new profession which will continue to develop over the coming months and years.
• Where we provide this service (and because this is a developing profession), we incorporate a practical approach to ensure that staff are correctly supported BUT there is always a high degree of objectivity. 
• The DPO is legally required to make decisions that comply with data protection legislation and that may at times mean they provide a decision or answer that an organisation may not “like”.

Freedom of Information Service

This is in relation to a FOI review and improvement activities:

Daily

• Progress with FOI admin if issues encountered
• Develop final responses
• Sign off with Organisation / Department Lead for FOI
• Release

Monthly

• Provide monthly performance reports
• Highlight any issues linked to final response times
• Review Publication Scheme

Further consideration:

• Consider how to develop new ways of gaining responses
• Develop a triage system linked to how to support Departments and how to help them consider responses and possible exemptions
• Training provision

Other Services

• Policy Review
• Specialist IG training
• Subject Access Request guidance / service
• Information Governance Improvement