Data protection statement
We care about your Data
We really care about protecting your residents’ data. We have designed our business and its systems from the bottom up with privacy in mind and have taken every step to comply with the General Data Protection Regulation (GDPR) 2018 and UK Data Protection Act 1998, including working towards a Data Protection Impact Assessment (DPIA) and assigning a Data Protection Officer (DPO). The GDPR outlines best practice across Europe and comes into force in May 2018. We are also registered with the UK Information Commissioner’s Office (ICO).
Where do we store your data?
All resident data is stored on the cloud in secure environments. We chose the market leader, Amazon Web Services, as our cloud provider. The GDPR requires us to host in the EU, which we do.
How do we protect your data?
We use the best-in-class cloud-based data storage and ensure data is fully encrypted both on the cloud and in-flight to AES-256 (the top end of the NHS recommended standards). Access to data is only granted with valid login credentials to users who have been given access by care providers themselves.
Who controls the data?
Log my Care is strictly a ‘data processor’ as defined in Article 28 of the GDPR. We do not own data entered into our system, this is passed on by care providers who are themselves classed as ‘data controllers’.
Wait do I need to comply with GDPR?!
Yes, care providers are ‘data controllers’ and should, by law, carry out a Data Protection Impact Assessment (DPIA). Essentially, it’s a risk assessment for what could go wrong in the cyber world.