Supported Living in Birmingham

Data Protection & Compliance Policy

Data Protection and Compliance with the General Data Protection Regulation (England) Policy

Aim and Scope of Policy

This policy, in line with UK data protection laws, outlines how Elite Care Homes complies with the data protection requirements found in Regulation 17: “Good Governance” of the Health and Social Care Act (Regulated Activities) Regulations 2014. To comply with these regulations, Elite Care Homes must ensure proper governance of record-keeping, ensuring records are fit for purpose and securely maintained.

Elite Care Homes recognizes the importance of maintaining full, accurate, and up-to-date records for people receiving care, staff, and operational matters in compliance with data protection, confidentiality, secure storage, and authorized access procedures. Elite Care Homes also acknowledges its obligation to protect personal data according to the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

This policy applies to all manual and digital records kept by Elite Care Homes related to people receiving care, including staff and third parties who may interact with personal data. It is to be used in conjunction with other relevant record-keeping and information governance policies.

Policy Statement

Elite Care Homes is committed to maintaining all records necessary for the protection and well-being of people receiving care and for the efficient running of the service. The service complies with the Data Protection Act 2018 and GDPR, which became effective in May 2018. Elite Care Homes understands that it is responsible for processing, managing, regulating, storing, and retaining all personal data in both manual and electronic forms. This responsibility includes:

  • Lawful and fair data collection
  • Holding data for specified, lawful purposes
  • Processing data in accordance with the rights defined by GDPR, such as:
    • Right to be informed
    • Right of access
    • Right to rectification
    • Right to erasure
    • Right to restrict processing
    • Right to data portability
    • Right to object
    • Rights related to automated decision-making and profiling
  • Ensuring data is adequate, relevant, and not excessive
  • Keeping data accurate and up-to-date
  • Retaining data only for as long as necessary
  • Implementing safeguards against unauthorized use, loss, or damage
  • Complying with GDPR’s international data transfer rules
  •  

Elite Care Homes has a designated data controller and a data protection officer responsible for safeguarding personal data.

Procedures

Elite Care Homes has implemented the following measures to comply with data protection laws:

      1. Appointment of Key Personnel:
        • A data controller responsible for processing and controlling data.
        • A data protection manager or auditor responsible for reviewing and auditing data protection systems.
        • A data protection officer responsible for overseeing the integrity of all protected data.
      1. Information for People Receiving Care:
        • Elite Care Homes provides information to individuals about their data protection rights, including the national data opt-out policy and the actions they can take if their data is compromised.
      1. Staff Training:
        • All staff are trained in data protection, confidentiality, and correct data handling.
      1. Data Inventory:
        • Elite Care Homes maintains records of all personal data held, including its origin and potential sharing arrangements.
      1. Risk Assessments:
        • Regular risk assessments are conducted to identify vulnerabilities in data handling and security, with measures taken to mitigate risks.
      1. Consent Procedures:
        • Individuals’ consent is sought for data collection, use, sharing, and retention, and procedures are regularly reviewed.
      1. Access to Personal Data:
        • Policies and procedures are in place to facilitate access to personal data, including subject access requests in line with GDPR.
      1. Data Breach Protocols:
        • Mechanisms are established for detecting, reporting, and investigating data breaches. Elite Care Homes complies with the duty to report significant breaches to the Information Commissioner’s Office.
      1. Children’s Data:
        • If personal data is held on any child under 16, Elite Care Homes informs the child and obtains consent from the responsible parent.

National Data Opt-Out Policy

Elite Care Homes complies with the national data opt-out policy, which allows individuals to opt out of sharing confidential patient information for purposes beyond direct care and treatment, such as research and planning. This applies to social care services funded by Local Authorities or the NHS in England.

Training

    • New staff must read and understand Elite Care Homes’ data protection and confidentiality policies as part of their induction.
    • All staff are trained on basic confidentiality, data protection, and record-keeping procedures.
    • Specific training is provided to those responsible for processing personal data, ensuring compliance with GDPR.
Scroll to Top