As part of their typical tasks, care businesses hold personal data, including some that is considered sensitive, on a range of people. It’s an area that care firms already need to take action in, but incoming EU-wide legislation means that requirements are about to get even tougher.

Firstly, what is GDPR? The General Data Protection Regulation covers all EU member states and comes into force from 25 May 2018, following a two-year transition period. It sets out how personal data can be collected, stored, and used. Overall, it gives more rights to individuals, for example allowing them to request that their data is erased and requiring companies to get explicit permission to use the data that has been gathered. On top of that, businesses will have a greater responsibility for ensuring the data is protected.

The changes are undoubtedly going to affect the majority of organisations operating within the care sector and, if you’re not already compliant, it’s time to think about the changes you need to make. So, how will it affect you?

You need to set out an agreed relationship between you and those you hold personal data on, including how you will use the information that you possess. This applies to legacy data too.

You should delete data or seek further agreements at the end of contracts. You will also need to ensure you have a process in place to erase information should it be requested.

If you work with third parties where your data is concerned, you should ensure that they are compliant with GDPR too. You could be affected if a sub-contractor doesn’t meet the standard.

You should also review the current protection used for the data you hold. Moving forward, you will need to report data breaches, and you have a responsibility to ensure you’ve taken reasonable steps when it comes to security.

How can novacare | recruit help you?

If you’re worried about whether your care business will be compliant with the new data regulations, novacare | recruit can provide some support. Our software for the care sector takes these new legal requirements into consideration in the way that it stores data and allows you control over it. As we have achieved ISO 27001 certification, you know that you can rely on our processes and internal operations.