Direct Local Health meets its information protection obligation to provide key leads for information risk management, information confidentiality, data protection and information and asset management.

Key Lead information is also published and publicly available on the ODS Portal register at



Senior Information Risk Owner (SIRO)

At Direct Local Health, our Executive Director, David Zemmel, is the Senior Information Risk Owner (SIRO).

NHS Digital guidelines say that the Senior Information Risk Owner (SIRO) should be an Executive Director or member of the Senior Management Board of an organisation with overall responsibility for an organisation's information risk policy.

The SIRO is accountable and responsible for information risk across the organisation. They ensure that everyone is aware of their personal responsibility to exercise good judgement, and to safeguard and share information appropriately.


Caldicott Guardian

At Direct Local Health, our Director, Nicola Kemp, is the Caldicott Guardian.

NHS Digital guidelines say that the Caldicott Guardian should be a senior person responsible for protecting the confidentiality of people's health and care information and making sure it is used properly.

All NHS organisations and local authorities providing social services must have a Caldicott Guardian. 


Information Asset Owner 

At Direct Local Health, our Chief Operating Officer, Ashley Vos, is the Information Asset Owner (IAO).

NHS Digital guidelines say that the Information Asset Owner (IAO) should be senior member of staff who is the nominated owner for one or more identified information assets of the organisation. IAOs will support the organisation's SIRO in their overall information risk management function as defined in the organisation's policy. 


Data Protection Officer

At Direct Local Health, our Operations Lead, Fraser Hulbert, is the Data Protection Officer (DPO).

NHS England guidelines say that the Data Protection Officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to advise on compliance with GDPR requirements.


Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website