Kaleidoscope Data Privacy Consultants

Innovative and practical solutions to support the lawful and ethical processing of personal data for health and social care

Read more

Don't be an IGnoramus about DSPT

Contact Kaleidoscope for support

Read more

Prepared for a no-deal Brexit?

Contact Kaleidoscope for EEA Representative services

Read more
  • National and regional bodies

    Kaleidoscope has worked with national, regional and sub-regional bodies to create data management frameworks and governance arrangements that work to deliver data-enabled public services to citizens.

    Read More
  • Payers and providers

    Kaleidoscope supports organisations of all sizes and across the team has experience of working in all types of health settings from primary care practices to large multi-site hospitals.

    Read More
  • Medical technologies

    The scope of GDPR extends far beyond simply data security and Kaleidoscope have worked with a variety of medical technology developers supporting them with compliance with GDPR and access to the UK's NHS market.

    Read More
  • Life sciences

    Kaleidoscope has experience supporting Clinical Research Organisations (CRO) and sponsors to navigate the complex legislative landscape.

    Read More

National and regional bodies

In Western health and social care there is an almost universal drive to provide integrated service delivery across organisational boundaries. These new ways of working present significant challenges for people and systems, not least data sharing and linkage.

Read More

Payers and providers

Health and social care provision is typically separated between those that buy the services (payers) and those that provide the services (providers). Depending on a country's funding model, these may vary in their relationship, for example between state-funded, as in the UK, and insurance-funded, as in Australia.

Read More

Medical technologies

The Medical Device Regulation does not address processing of personal data and compliance with this Regulation does not provide assurance that the processing is lawful. The EU's General Data Protection Regulation (GDPR) applies and must be complied with in all respects regardless of whether a device holds a CE mark.

Read More

Life sciences

In Europe there is a relationship between the EU's General Data Protection Regulation (GDPR) and the Clinical Trials Directive. In European law a regulation is law in every state, although maybe varied locally, whereas a Directive must be implemented through individual state law. This approach results in a greater variance between laws implementing a Directive and those that implement a Regulation.

Read More