GDPR in the Care sector – what you need to know

On 25th May, the rules around how organisations keep and use data is changing. At McClarrons, we’ve pulled together an overview of what the rules are, and how you can stay compliant.

The new General Data Protection Regulation (GDPR) is an EU rule which will replace the Data Protection Act of 1998 from 25th May. Britain’s exit from the EU will not affect the changes, which have been brought about to give people greater control over their information and how it is stored and used by all types of organisations, including those in the care sector.

As care and nursing homes are more likely to hold sensitive data, it’s especially important that care organisations take note of what GDPR means for them, as a breach could have a notable impact on those whose data has been left vulnerable.

Any fines or investigation from the Independent Commissioners Office (ICO) are dependent on the severity of the breach, and it’s up to you to keep people’s information safe.

Organisations which fail to comply with GDPR risk fines of up to €20 million or 4% of annual turnover, whichever is greater, for the most serious breaches.

What does GDPR say about data?

The principles of the new regulation say that personal data held by organisations should be:

Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary
Accurate and, where necessary, kept up-to-date
Kept in a form which permits identification of data subjects for no longer than is necessary
Processed in a manner that ensures appropriate security

How to stay compliant

Familiarise yourself with the data you currently hold – You need to review what personal data you currently hold, why you have it, and how you obtained it. These new rules as stated above allow you to communicate information which is essential to the provision of your service.

If you want to continue to send marketing communications, you’ll need to ensure that contacts have actively “opted in” to phone calls, emails, letters or texts.

Focus on security – Encryption sits high on the GDPR agenda as this greatly reduces the likelihood of leaving data vulnerable to exposure. If you demonstrate that prudent measures have been taken to protect the data you hold, including encryption, staff education and anti-virus software, you’re less likely to incur a penalty if there is a breach.

Be aware of new rights – Be prepared for the fact that individuals have more rights when it comes to accessing the data you hold on them and asking for it to be removed. One of the differences between GDPR and the Data Protection Act is that there are no fees for individuals to pay when making a data request.

Understand what represents a breach – A breach goes beyond losing someone’s personal data or leaving their information vulnerable to hackers. It can also relate to unauthorised access or disclosure, loss or complete destruction, and alteration.

Depending on the repercussions, such an incident could be classed as a “serious breach”, and would, therefore, need to be reported to the ICO within 72 hours. An example might be an event which leads to lost medical notes.

A minor may refer to an instance where data hasn’t been compromised (such as sending an email to the wrong person) and so wouldn’t need to be reported.

Update your privacy notices – Your website privacy notices explain the legalities around your need to process data. As there will be greater restrictions on why you hold personal data and for how long, these privacy notices will need to go into much greater detail, but still be easy to understand for your customers.

Under the new GDPR, information within your website privacy notice should include:

Why you’re processing the data in the first place from a legal perspective
Who you may be sending it to
How long you’re holding it for and what determines this period
A reminder of the data subjects rights

Do you need a data protection officer (DPO)? – Organisations with over 250 employees dealing with sensitive data will need to appoint a data protection officer, to monitor or process sensitive data.

If you have fewer than 250 employees, you will need to document instances of high-risk processing.

To discuss your responsibilities and how insurance can support you in the face of regulatory action, get in touch with the care team at McClarrons. Call 01653 697055 or email care@networkportfolio.co.uk/mcclarroninsurance.com.

More Stories

McClarrons welcome new Head of Farm

Despite the challenging times we as a nation are currently facing, McClarrons continue to invest in their rural team, recruiting a new Head of Farm – Grant Hartley.

How to protect your farm against crime during the Coronavirus pandemic

The Coronavirus pandemic is causing disruption to many businesses, including to those working in agriculture.

Are you worried about your upcoming holiday plans?

As everyone feels the impact of Coronavirus, we offer some general advice if you have a holiday booked this year and think you may need to make a claim on your travel insurance.

Shaping your insurance programme at this difficult time – and the pitfalls to avoid

As Coronavirus challenges individuals and businesses, we look at the potential changes you may want to make to your insurance portfolio and the potential pitfalls to avoid when doing so.

What support is available for businesses in response to COVID-19?

With COVID-19 having a huge impact on businesses across the country, we outline some of the main sources of support on offer through this challenging time.

Fraud: The most under-estimated risk?

There is one form of crime which is affecting more of us in the UK than ever before: Fraud. And it is scary to think that most small and mid-sized businesses have no insurance protection in place!

Working from home? Here’s our tips…

Many of us will now be working from home due to the Coronavirus Pandemic. To some, this is the norm, but for many, this is out of the ordinary. Here, we offer some tips to help you work effectively!

Abuse and Medical Malpractice – do you know how you are covered & why it is important?

Whether a claim is valid and accepted depends on numerous factors, including the period of time your policy covers you for. Insurance policies are generally renewed annually so you might expect the period of time it covers to be 12 months but this is not always the case.

Will your business insurance respond to Coronavirus?

As cases of 2019-nCOV increase in the UK, how will commercial insurance policies respond to those businesses affected?

Money’s in the Banksy

2017 saw a seismic change in the UK’s artistic tastes, from traditional art towards Urban and Street art, particularly in Banksy’s artwork, which varies in price significantly.

Understanding Underinsurance – Learning from the Australian Bushfires

The recent Bushfires in Australia have brought Underinsurance into global news, as homeowners and businesses Down Under are realising the devastating consequences of not adequately insuring their properties.

We welcome a new Farm Account Executive to our Malton team

As McClarrons continues to expand, we welcome a new Farm & Equine Account Executive at our Malton office – Andy Rhodes. Find out more about him in our latest blog post.

The Future of Farming: Through Brexit and Beyond…

On 19th, 20th and 25th February, McClarrons insurance brokers are hosting a series of free farming seminars in the Malton, Patrington and Richmond areas, which aim to provide advice and support to the rural community.

Why, even as a small business, you should consider terrorism cover

Terrorists are continually developing their tactics, with one goal in mind – causing terror to disrupt and devastate businesses and the economy. You may think terrorism is unlikely to impact your business but according to the Federation of Small Businesses (FSB), “Smaller businesses are most vulnerable as they lack resources of larger organisations to plan for, protect and recover from the consequences of attacks.”*

McClarrons support this year’s Point-to-Points!

Find out which Point-to-Points we are supporting this season in our latest blog post.

Your responsibilities as an employer, and how you can protect yourself

HMRC are becoming increasingly vigilant about the businesses they are investigating and have intensified their investigations into rural and equestrian businesses in particular. Here, McClarrons insurance brokers look at what you need to consider.

Merry Christmas and a Happy New Year from everyone at McClarrons!

Find our opening hours over the festive period and take a look at what we have been getting up to throughout 2019!

How to protect your rental property throughout the winter months

Follow our guide to help ensure your rental property is protected during the winter months. Here, we provide guidance on external and internal checks, which can help protect against claims or even a resulting loss of profit.

Raising awareness of Road Safety Week - how to stay safe on our rural roads

To raise awareness of Road Safety Week (18th – 24th November), we have highlighted the dangers of driving on rural roads and how you can look to help prevent accidents.

Health & Wellbeing - it’s more than yoga and fruit on a Friday

Some businesses seem to be hooked on the latest gimmicks and trends – how about morning yoga, meditation, mindfulness or ‘gratitude’ sessions? Others are offering free fruit, bean bags in breakout areas, gym memberships and office allotments to improve the office “vibe”. But let’s get real for a minute.

Keyless Car Theft and how to avoid it

The rise of keyless car systems on new cars is leaving them increasingly at risk of being stolen quickly and easily. Here, we offer some guidance on how you can minimise this risk.

View all articles

Request a Callback

Newsletter Signup