Following the events of Friday 19 July that saw critical digital services, including in general practice, across the country impacted by the outage, GPC sought and received assurances from the ICO and NHS England that GPs would not be required to report the availability breach to the ICO created by the outage on an individual basis.

Instead – NHSE is providing a bulk report to the ICO, allowing them to satisfy their obligations under Article 33 (1) UK GDPR.

The ICO confirmed that for those practices that have already reported, they may consider the matter closed with no further action to follow.

However, any breaches unrelated to the crowdstrike outage and its impact on EMIS will still need to be reported.