16 May 2018

Anna Turbak | Marketing Executive

GDPR for care homes – not as scary as you might have heard 

With the General Data Protection Regulation coming into force on May 25th this year, there’s been a fair amount of scary ‘facts’ thrown around. There is a lot of new information to take in and the Data Protection Bill gives more details on the overall reforms beyond GDPR that you’re going to see. What you’ll notice is that GDPR for care homes isn’t actually that scary.

According to the Information Commissioner’s Office (ICO), there has been a lot of “scaremongering”; some businesses are being told that firms will no longer be allowed to call a client to remind them about an appointment, or that care providers might face massive fines that will put them out of business. 

These are not true. So, let’s break down what the ICO has actually said:

The new GDPR legislation isn’t designed to penalise your care business. It’s about “putting the consumer and citizen back in control of their data”. The ICO doesn’t make its business going about handing out fines, in fact, they only use them as “the last resort”. In 2016/17, fines were given in 16 out of 17,300 cases they investigated, just 0.09%! 

The new figures do give them the ability to fine more than the Data Protection’s limit of £500,000 up to 4% of turnover. But these aren’t what are going to be issued in most cases. The UK’s Information Commissioner Elizabeth Denham even stated in her own blog that the ICO will be issuing warnings, reprimands, and corrective orders well before any financial penalties are issued. 

“it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm” Elizabeth Denham, UK Information Commissioner 

And whilst there isn’t a grace period for the legislation to kick in the information commissioner goes on to state that businesses (and that includes care homes) aren’t static. The data you use is going to change over time. Any business that self-reports and engages with the ICO to resolve issues is demonstrating accountability and can “expect this to be taken into account when [they] consider any regulatory action”. 

Even so, having greater transparency and good data practice is likely to benefit your care business and help your organisation. That’s why we pride ourselves on our approach to our GDPR obligations as a care software provider.

Find out more about how Log my Care can support your regulatory obligations in relation to GDPR by seeing what we do.