We are days away from the implementation of the General Data Protection Regulations (GDPR) across the UK. May 25th is a date that should be enshrined in your diary, as the day on which the new regulations come into force.
What will it mean for NCF members, and care providers across the UK?
Well the first thing to note is that you are not alone! There are a wide range of resources and support to help you to get your business in line with the new regulatory requirements
. Many of the most useful resources that have been tailored to the care sector can be found here
The second, is that GDPR has been billed by a wide range of specialists as ‘a marathon, not a sprint’. What does this mean? Well, largely it recognises that compliance with the full breadth of the regulation does not involve the flicking of a switch, but rather a detailed construction of a circuit that will enable you to shine a bright light on the protection of data within your organisation. This does not mean that you only need to start your marathon on the 25th May, this work should have been going on in your organisation for many months. However, it also will not end on the 25th May, and you will need to continue your organisational data journey over the coming months and years.
The Information Commissioners Office
, responsible for the enactment of the regulations is not, of course, the only regulator with an eye on the critical role of Information Governance. In the grand old adage of London Buses, there is not one push on this key area of data management - but you have guessed it - three have come at once.
The CQC have built into their new KLoEs, launched on the 1st November last year, the following measure.
WL 5.2 Does the service share appropriate information and assessments with other relevant agencies for the benefit of people who use the service?
This is looking specifically at how information flow is managed to both ensure that there is a valuable flow of information between agencies, while also ensuring this continues to protect the data rights of individuals using services. This will become ever more important as greater integrated information sharing comes on line.
Also, new guidance has been issued
by the Department of Health and Social Care, which states clearly the requirement for all social care providers who are commissioned in some way by the health sector, to comply with the requirements of the Data Security and Protection Toolkit (DSPT)
. For those of you who have been familiar with the previous Information Governance toolkit, this updated version is intended to be much more proportionate and manageable for social care, but still of course will require detailed work to ensure compliance. The requirement to comply with the DSPT stated in the guidance talked about a deadline of April 2018, however, the final toolkit itself has not yet been released – making this a bit of a tautological challenge. However, it is coming, and therefore the pressure to get your Information Governance in order has never been more apparent.
The NCF, in partnership with the wider Care Provider Alliance, and Skills for Care, ran a series of workshops looking at the impact of all these three drivers earlier this year. All the resources from these workshops can be found here
. We hope to be pushing forward with more work in this area in the near future, as the care sector is one of the key holders of personal data, and as such, will need to be ever more vigilant that it uses the data in a way that enhances the protection of the individual rights of both people who use care services, and work within them