What do care homes need to do in order to be compliant with GDPR? | QCS

Hi Sheila,  I have just opened a care home and have been told that I need to comply with GDPR. Can you tell me what this means and what I need to do?


Sheila Scott
Answered by Sheila Scott


Dear M,


Thank you for your question.


GDPR is the General Data Protection Regulation (GDPR) which came into force on 25th May 2018.


There are a number of processes that you need to go through to make sure that you are compliant.


GDPR is a matter that has to be taken very seriously and it isn’t just a matter for care homes, it is a matter for every business in this country.


It is though important for any care provider as you will hold a great deal of personal information about the people you care for and the staff who you employ and how you manage that information is going to become increasingly important.


Although the regulations became law on 25th May you should take your time to put your processes in place to make sure that they are sustainable.


There is a huge amount of information about GDPR on the internet and the first and probably most important source is the website of the Information Commissioner.


This is a checklist that is on the website.


The 12 steps to take are:


  1. Awareness


  1. Information you hold


  1. Communicating privacy information


  1. Individuals’ rights


  1. Subject access requests


  1. Lawful basis for processing personal data


  1. Consent


  1. Children


  1. Data breaches


  1. Data Protection by Design and Data Protection Impact Assessments


  1. Data Protection Officers


  1. International


There is also a self-assessment document designed to help you to decide what work you need to undertake to become compliant. I know that many care providers have found this really helpful. There is also a Data protection self assessment.


There are several extremely useful blogs on the QCS website about GDPR and if you are a customer of QCS there are all the policies and procedures you will have received to make sure that you are compliant.


There is also information about GDPR available on the Skills for Care website.


I hope that this is helpful, please come back to me if you require further assistance.


With best wishes.



About Sheila Scott

Sheila Scott OBE from National Care Association (NCA). Care is Sheila’s life; she possesses a strong command of the issues facing the care sector informed by her long career as a nursing professional, the owner and manager of a care business and as a leader in the care sector. 3. Read more

Related Questions