Alternatively click one of the options below to speak to us

Email Call

In April 2013, Dame Fiona Caldicott made a second review of Information Governance, generally known as Caldicott 2, which added a 7^th principle and in 2020 a further principle was added.

The eight Caldicott Principles are now:

1. Justify the purpose(s) for using confidential information 
2. Don’t use personal confidential data unless it is absolutely necessary 
3. Use the minimum necessary personal confidential data 
4. Access to personal confidential data should be on a strict need-to-know basis 
5. Everyone with access to personal confidential data should be aware of their responsibilities 
6. Comply with the law 
7. The duty to share information can be as important as the duty to protect patient confidentiality 
8. Inform patients and service users about how their confidential information is used

Caldicott and the GDPR share many of the same basic principles and the knowledge and skills to be a Caldicott Guardian or a Data Protection Officer are therefore similar. 

However, the seventh Caldicott principle “the duty to share information can be as important as the duty to protect patient confidentiality” is different in that the GDPR essentially considers personal data and confidentiality to be paramount.   

This difference can therefore lead to circumstances where the role of data protection officer and Caldicott Guardian conflict.

Outsourcing one or both of the roles mitigates conflicts of interest.  Where the DPO Centre provides resources for both data protection officer and Caldicott Guardian within a single organisation, we provide two separate individuals and therefore avoid the potential for conflict.