Our organisation has a responsibility to protect and manage data across all of its functions. This policy has been written encompassing the existing Data Protection Act (DPA,1998), and the General Data Protection Regulations (GDPR, 2018).
As a business we process data to allow us to enable our children to be appropriately supported and cared for. In order to do this correctly we must ensure that our practices uphold and safeguard the integrity of the registration we hold and the services that we provide. This requires us, as a business to collect, store and process the data of children, their families, our employees and external stakeholders.
We do this with a full commitment to the GDPR and its underlying principles. This document demonstrates how we comply, what rights individuals have, and how to take action if individuals feel that we are in breach of this policy and the GDPR.
In our role as a registered care provider, we have to process and retain records regarding our children and the staff that we employ. We hold information about family members and friends of our residents. We also hold information about external professionals such as Social Workers, Dr’s, Occupational Therapists, SaLT’s. These records ensure that the staff that are employed are safe and of good character to work within our registered provision. The personal care records provide us with the necessary and essential data necessary to provide safe and effective care and support.
In our role as a registered care provider we process and retain records that provide us with the data necessary to support the child’s journey of care and support. We process and retain records that allow us to employ staff that are safe and competent within a care environment and meet the regulatory requirements for their employment.
It is the duty of our organisation to safeguard the consistency and integrity of the data that is held. Registered Providers that fail to comply with the record keeping requirements and cannot demonstrate safe and effective methods for obtaining, retaining and destroying data may have sanctions imposed on them by Ofsted and non-compliances will be referred to the regulator. For this reason, how we mange that data must comply with the GDPR.
We do not hold all of the same data for all of our Children or staff, this is because we only collect data that is essential to carry out that function. Our initial assessments and care plans are written on an individualised basis. The records that we hold for staff will depend upon their personal circumstances. For example, if a staff member declares a disability, it may be necessary to hold a document that outlines how we will provide reasonable adjustments to support that member of staff.
All information collected on staff or children is confidential and will be kept confidential.
It will not be disclosed to any third party without the prior written consent of the child (or their social worker) unless such disclosure is in accordance with the guidelines provided by the General Medical Council, or the General Dental Council, or the British Medical Association, or the British Dental Association, or the United Kingdom Central Council for Nursing Midwifery and Health Visiting, or the Data Protection Act.
Access to files containing medical or other confidential information or the sharing of medical information shall be limited to providing access to, or sharing information with, people who have a proper medical reason to read it, or be provided with it.
The general principles of the GDPR will inform our decision to obtain, use, retain and destroy data collected as part of our daily processes.
Copyright © 2023 LenLey Housing Group - All Rights Reserved.