Data protection, GDPR and information sharing

Everyone working in social care and health has a responsibility to ensure the safe use and sharing of information. You might be asked to share information that you store digitally, for example with other providers or the local authority, and you need to know how to do this safely.

The General Data Protection Regulation (GDPR) came into force on 25 May 2018, so you should now be aware of the impact of the legislation on policies, procedures and systems. An information leaflet, written by a solicitor, helps set out the implications for social care employers.

Care providers will need to show that they are taking their data obligations seriously. Take a look at the information we’ve put together on why the way we collect, store and share information and data is important. Our ‘Information sharing guide for social care employers’ explains when it’s ok and not ok for you to share information and some of the things you can do to ensure you do it safely.

Online training for GDPR

e-Learning for Healthcare are offering an online training module for social care providers on GDPR. To access this, download and follow these instructions.

Webinar: Cyber security – secure mobile working in social care

Using technology on the move has become so important inside and outside of work, and in the care sector mobile devices are being used more frequently to share and store sensitive information. Despite our best efforts our devices and the information they hold can be at risk. This webinar is hosted by security experts from O2 and can show you how you can protect yourself against the risks of mobile working.

Webinar: Cyber security – staying cyber secure as we adapt to the ‘new normal’

Take a look at how COVID-19 and the rapid shift to mass remote working is driving cyber security transformation. The webinar is hosted by security experts from O2 and Forescout and looks at what the ‘new normal’ will look like as users return to workplaces, changes to the cyber threat landscape in health and social care and network visibility.


Take a look at these short films that show how employers have started to meet some of the challenges of information sharing.

  1. Lessons in integrated working - the Living well project, Cornwall
  1. New systems for information sharing - the heathland project, Cumbria
  1. Advice from data sharing experts - The Centre for Excellence for Information Sharing and the Information Governance Alliance explain how they can support employers in this area.

To help ensure you comply with data protection laws, you might appoint a data protection worker in your service.

As part of your GDPR requirements you might need to appoint a data protection officer – this depends on the type of organisation you are and how you process data and information. Download our guide to see if you do, and if so, what their role involves.

⇨ Download ‘The role of the data protection officer’ guide

You will need to appoint a Data Security and Protection Lead to ensure your service complies with GDPR. Our guide explains more about this role.

⇨ Download ‘The role of the Data Security and Protection Lead’ guide

NHS Digital have designed an online ‘Data security and protection toolkit’ (DSPT) - a self-assessment tool for data security which supports organisations in demonstrating:

  • GDPR compliance
  • good data security to the CQC as part of the key lines of enquiry (KLOEs)
  • compliance with the expected data security standards for health and social care for holding, processing or sharing personal data
  • readiness to access secure health and care digital methods of information sharing, such as NHSmail and Summary Care Records (a summary of GP information about an individual) and local information sharing solutions. 

The Department for Health and Social Care recommends that all social care providers complete the DSPT as they will hold, process or share personal data. 

NHS Digital are offering a series of online events for social care providers about the toolkit, starting in October. Find dates and book.

Digital Social Care has also produced guidance to support completion of the toolkit, including information on ‘entry level’ compliance – a stepping stone to achieving the ‘standards met’ level. Take a look at the information for social care providers.

When you work digitally, there’s the risk of cyber-attacks so it’s important that you have security measures in place.

Cyber security is the name for the safeguards taken to avoid or reduce any disruption from an attack on data, computers or mobile devices.

Security breaches with digital information can be more severe than with paper records as information can be distributed more easily and to a far wider audience.

Cyber-breaches are costly – in terms of expense, recovery time and through damage to reputation. All staff must be aware of how to implement protective measures. 

Read more about cyber security and how to improve it

The Information Commissioner has written a myth-busting blog about GDPR compliance being an ongoing journey, and one where the Information Commissioner’s Office (ICO) will be a ‘fair and proportionate’ regulator.

If you need any help, the Information Commissioner’s Office (ICO) has a helpline aimed at small and medium-sized enterprises and charities. Call 0303 123 1113 and select option 4.