DPO Programme – Module 1 (Virtual)

Number of capacity: 15

Summary

This focused online session establishes the legal and structural foundations of data controllership within a GP partnership. It examines Articles 4, 5, 6, 9 and 24 UK GDPR and concentrates on partner-level accountability, liability exposure and governance architecture. 

The emphasis is on evidential readiness — what a GP practice must be able to demonstrate under regulatory scrutiny. 

A 2.5-hour doctrine-led governance session covering: 

• Who is legally the Data Controller in a GP partnership 
• Joint controllership risk within PCN arrangements 
• Public task vs consent discipline 
• Special category safeguards and APD requirements 
• Accountability under Article 5(2) 
• Governance documentation architecture 
• Enforcement reasoning and fine logic 

Mapped to NHS DSPT Standards 1–3 

Course Content

• Controllership in partnership structures 
• Lawful basis of discipline in primary care 
• Special category safeguards and policy requirements 
• Accountability and evidential burden 
• Governance reform blueprint for GP practices 

Expected Outcome

• Define the legal responsibilities of a GP data controller 
• Distinguish lawful basis misuse (consent vs public task) 
• Identify structural governance gaps within their practice