Yesterday the BBC reported that a Scarborough woman attended a hospital for a scan only to be told she had already died. Data Protection professionals will know that Article 5(1)(d) of the UK GDPR states personal data must be: 

“accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)” 

In a shocking breach of this principle, Bridlington Hospital staff told Susan Johnson that, according to their records, she had been dead for four months. This led to her carer’s allowance, paid for looking after her disabled husband, being briefly suspended. 

What is also concerning is the lack of accountability. Neither Mrs Johnson’s GP Practice, the DWP, NHS England and Primary Care Support England (PCSE) have taken responsibility for the error.  

This case shows that data protection compliance is not a tick box exercise. Failure to comply sometimes has severe consequences for individuals.  

This and other GDPR developments will be discussed by Robert Bateman in our forthcoming GDPR Update workshop. We have also just launched our new workshop, on the EU AI Act and the UK Approach to AI Regulation.  

Author: actnowtraining

Act Now Training is Europe’s leading provider of information governance training, serving government agencies, multinational corporations, financial institutions, and corporate law firms.
Our associates have decades of information governance experience. We pride ourselves on delivering high quality training that is practical and makes the complex simple.
Our extensive programme ranges from short webinars and one day workshops through to higher level practitioner certificate courses delivered online or in the classroom.
View all posts by actnowtraining