Ask Sheila - Archive England

Sheila Scott OBE has now retired and therefore is no longer available to answer your social care questions. However, you might still find the answer you’ve been searching for down below.

04th July 2018

What do care homes need to do in order to be compliant with GDPR?

Hi Sheila,  I have just opened a care home and have been told that I need to comply with GDPR. Can you tell me what this means and what I need to do?



Dear M,


Thank you for your question.


GDPR is the General Data Protection Regulation (GDPR) which came into force on 25th May 2018.


There are a number of processes that you need to go through to make sure that you are compliant.


GDPR is a matter that has to be taken very seriously and it isn't just a matter for care homes, it is a matter for every business in this country.


It is though important for any care provider as you will hold a great deal of personal information about the people you care for and the staff who you employ and how you manage that information is going to become increasingly important.


Although the regulations became law on 25th May you should take your time to put your processes in place to make sure that they are sustainable.


There is a huge amount of information about GDPR on the internet and the first and probably most important source is the website of the Information Commissioner.


This is a checklist that is on the website.


The 12 steps to take are:


  1. Awareness


  1. Information you hold


  1. Communicating privacy information


  1. Individuals’ rights


  1. Subject access requests


  1. Lawful basis for processing personal data


  1. Consent


  1. Children


  1. Data breaches


  1. Data Protection by Design and Data Protection Impact Assessments


  1. Data Protection Officers


  1. International


There is also a self-assessment document designed to help you to decide what work you need to undertake to become compliant. I know that many care providers have found this really helpful. There is also a Data protection self assessment.


There are several extremely useful blogs on the QCS website about GDPR and if you are a customer of QCS there are all the policies and procedures you will have received to make sure that you are compliant.


There is also information about GDPR available on the Skills for Care website.


I hope that this is helpful, please come back to me if you require further assistance.


With best wishes.



*All information is correct at the time of publishing.

About Sheila

Sheila Scott OBE has now retired and over the years , prior to her retirement she has answered thousands of your social questions. You can still access the many questions below.

For Sheila Scott OBE as the former CEO of National Care Association (NCA), care is Sheila's life. She possesses a strong command of the issues facing the care sector informed by her long career as a nursing professional, the owner and manager of a care business, and as a leader in the care sector.

Please do get in touch with our team of specialists if you can’t see an answer to the question you may have and we will be happy to help.

Here at QCS we have an extensive panel of specialists with a wide range of knowledge and experience so don’t worry if you have a social care question you are struggling to find the answer to, our team are here to help.

    Join over 130,000 users already using the QCS Management System!
    Start Free Trial Buy Now
    Back to Top