Norfolk Care Homes working hard to protect residents’ data

Norfolk is home to a higher than national average percentage of people who are over 65 and now has over 370 care homes in the county housing over 10,000 people.

This amounts to an awful lot of individuals’ personal data being held by the care home sector locally and many managers needing to ensure they comply with the new General Data Protection Regulation (GDPR) which comes into force in May this year. A straw poll taken at a GDPR seminar for the care home sector held by Ashtons Legal recently revealed that 86% of delegates felt confident that they were on target to comply with the new rules by the deadline.

GDPR comes into effect on 25 May 2018. It gives individuals new rights to know where information and data regarding them is being held and for what purpose. It puts the onus on businesses which hold personal data to ensure that they have a good reason to do so and only use it for appropriate purposes. The new law will also mean substantial increases in the penalties imposed for those who don’t comply. GDPR applies to any organisation which processes data about individuals whether they are staff, customers, prospects, website users or, in the case of care homes, residents and their families.

Over 100 care home owners and managers and those within the care home sector responsible for IT, HR and compliance attended an event in Norwich recently where they heard from Ashtons’ GDPR specialist James Tarling. James is a commercial solicitor who specialises in helping businesses develop compliant data management systems and processes and helps organisations manage data breaches. In his presentation, he cut through the myths and misinformation about GDPR and informed delegates about the key issues affecting the care home sector when it comes to personal data.

James Tarling comments: “It is imperative that care home owners and managers are aware of their responsibilities in relation to GDPR and it was reassuring that so many of them considered themselves prepared ahead of the regulations implementation. Many were asking detailed questions about particular aspects of their data usage and have already completed an audit of their current processes and started to work through an action plan of what they need to change”.

He added: “I am not altogether surprised by the high number of delegates who indicated they had GDPR in hand – the care home sector is already highly regulated and much of the data held is fairly obvious as it contains information personal to residents. It is other sectors that concern me more where it is harder to determine what ‘data’ actually is”.