March 11, 2024

How to balance your data obligations with your duty to safeguard a child

The Information Commissioner’s Office (ICO) is the independent regulator of information rights. The UK General Data Protection Regulation (UK GDPR) sets out an individual’s data rights. This extends to children and young people, who are generally treated with additional care under the UK GDPR.

As a children’s services provider, you must balance data rights with the care and support provided to children and young people. A key part of this is safeguarding children or young people at risk of harm, which will undoubtedly involve sharing data. Such data may include special category data, such as health information, which needs to be afforded additional caution. The UK GDPR allows you to share information in a safe, proportionate and lawful way.

The ICO's ten steps on sharing information for safeguarding purposes

The ICO has published practical guidance on sharing information for safeguarding purposes. The guidance is aimed at those involved in safeguarding children, at all levels and in all sectors, across the UK. The guidance contains ten steps to follow.

  1. Data protection is a framework to help you share information and doesn’t prevent the sharing of information to safeguard a child. It can be more harmful not to share information if it is required to protect a child. Always seek advice from your data protection officer or other expert, such as a solicitor or your local Caldicott Guardian, and work to balance your obligations in the best interests of the child.
  1. Be clear about your purpose for sharing any information. You should keep a record of decisions made about sharing or not sharing information, and the reasons for those decisions.
  1. Ensure that you have strong governance, policies and systems in place. These should be regularly reviewed to ensure they comply with the most recent legislation and guidance. This includes ensuring that everyone within your organisation is trained in safeguarding and data protection at the level they need. This training should be appropriate for your organisation and refreshed where necessary. Aim to build a culture of compliance and good practice at all levels throughout your organisation.
  1. Tell people how and why their information is being used. Individuals have the right to know what happens to their personal data. However, when sharing information for safeguarding purposes, you may not be able to give everyone equal rights, so you may need to rely on relevant exemptions, such as those that enable information to be disclosed if required by law or if there is the possibility of serious harm to the physical or mental health of an individual.
  1. When deciding to share information, be sure to fully assess the risks and keep a record of this assessment. This can be done via a data protection impact assessment. However, if sharing data on a one-off basis or in response to an emergency, you can share information that is necessary and proportionate to safeguard the child.
  1. Consider implementing a data sharing agreement between you and any third parties with whom you are sharing information. This is not mandatory but may be beneficial for routine sharing of information. The benefits include clarity around the information being shared, how it will be shared and what to do if things go wrong.
  1. There are seven data protection principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. These should always be followed when handling and sharing personal information as well as when preparing policies, procedures and impact assessments.
  1. A lawful basis is the valid reason for processing personal data. Identifying the correct lawful basis for sharing in the circumstances will allow you to share the information you need to safeguard a child. The ICO has a helpful tool to assist: the Lawful basis interactive guidance tool.
  1. In an emergency, there may be limited time to follow due process. Do not hesitate to share information when it is to safeguard a child. Record what you shared, how and why as soon as you can after the event. It may be useful to create a plan for these emergency situations so everyone is aware of the processes to follow.
  1. Read the ICO’s data sharing code, "Data sharing: a code of practice".

We echo the guidance provided by the ICO. The importance of robust policies and procedures surrounding data protection cannot be underestimated. We would recommend that all policies and procedures are kept under review and updated as required. Our data protection experts can support providers with this.
