New data from Digital Health Intelligence (DHI) reveals that 55% of acute trusts and 47% of mental health trusts have an implementation plan for the General Data Protection Regulation (GDPR).

DHI approached 150 acute trusts and 53 mental health trusts and asked them whether they had formulated a strategy to ensure they are compliant with upcoming changes to the way organisations handle and store data.

One hundred and thirty-three trusts responded to DHI, including 97 acute trusts and 36 mental health trusts.

In total, 70 of the 133 respondents (53%) claimed to have a plan in place for GDPR implementation. Of the acute trusts, 53 said they had a compliance strategy, while 43 said they had no such plan.

Meanwhile, 17 of the mental health NHS trusts in England claimed to have a game plan for GDPR compliance, and 18 said they did not.

Two of the 133 trusts that responded claimed to have developed a “partial” plan. This included Milton Keynes University Hospital and Avon and Wiltshire Mental Health Partnership.

Of the 61 trusts without a GDPR plan, 11 said they were in preliminary planning stages or otherwise suggested that a plan was being considered.

The data gathered by DHI has been collated into an interactive map. Each trust is represented by a coloured circle, with green indicating that a plan is in place, orange that a plan is being developed and red that there is no plan in place.

The research was carried out between February and November 2017. The aim of the study was to provide insight for suppliers engaging with the NHS around data-sharing projects, while allowing NHS organisations to compare their GDPR compliance status with that of peers.

The EU-wide legislation holds massive implications for the NHS and other healthcare providers, which handle huge volumes of sensitive patient information.

Organisations have until 25 May 2018 to bring their data-handling policies in line with the new legislation. Those who fail to adhere to the rules face sanctions by the Information Commissioner's Office (ICO), including fines of up to €20 million for the most serious infringements.

As such, the NHS now faces the unenviable task of pulling together the reams of data it holds across its multitude of silos and stand-alone systems.

Attempts have been made to make it easier for trusts – some of which own up to 500 IT systems – to consolidate their data in preparation for next year’s deadline.