15. DATA PROTECTION POLICY
The Employer will ensure that the processing of Personal Data in connection with Service Users and Employees complies with the Data Protection Act 2018 and GDPR.
Personal Data shall:
– Be processed fairly and lawfully
– Be obtained only for specified and lawful purposes, and not be processed in any incompatible manner
– Be adequate, relevant and not excessive
– Be accurate and, where necessary, kept up to date
– Not be kept longer than necessary
– Be processed in accordance with the rights of Data Subjects
– Be protected by appropriate security measures
– Not be transferred outside the European Economic Area unless an adequate level of data protection exists
Both Service Users and Employees have the right to be supplied with a copy of the personal data that the Employer possesses. All requests are to be made to Isla Mcphie-Janjanin.
Employees are expected to inform the Employer of any changes in their circumstances that could affect the accuracy of the data.
GENERAL DATA PROTECTION REGULATION POLICY (GDPR)
Moorcare Devon Ltd collects and stores data regarding clients’ care needs and all employee information relevant to recruitment and retention.
Data comes into the business via telephone, verbal conversations, post and email.
Data flows out of this business using the same delivery systems as above, and also via hard copy care plans that are kept in clients’ houses and hard copy rotas that are kept with carers and handed back into the office the following week.
All client information is stored under two password protected software programmes.
The first, Ulysses, programs schedules for a client and only contains information that is relevant to this. Invoices are also sent from this system.
The second software program is the PASS System. This is where all care planning information, consent and privacy consent forms are kept.
Employee information is also kept in these two systems.
The Employer keeps a hard copy care plan and any hard copy notes (in case of system failure) in a locked filing cabinet. The Employer also keeps Employee documents in a locked filing cabinet.
GDPR lays down the rules in relation to processing personal data and rules relating to the free movement of data. The regulations aim to protect the fundamental rights and freedoms of individuals, particularly the right to the protection of personal data. The rights of the individual are:
· Right to be informed
· Right of access
· Right to rectification
· Right to erasure
· Right to restrict processing
· Right to data portability
· Right to object
· Rights related to automated decision making, including profiling
Under GDPR every organisation should have a nominated data user/data controller. The data user/data controller for Moorcare Devon Ltd is Isla Mcphie-Janjanin.
All computer systems used are password protected and consent from the service user or their significant other is required by the data controller before any information is shared.
Care notes can be viewed via the OPENPASS system, which can be accessed remotely and in the client’s house. This is opt-in and must be consented to.
Any service user, relative or significant other who requires access to their care notes should contact Isla Mcphie-Janjanin to make arrangements to view OPENPASS. Service users with sensory or other disabilities will be given appropriate help and support from an independent source as required.
Service users who have a complaint about the way that the organisation keeps files about them, or who are refused access to files that they believe they should have access to, should be referred to the Data Protection Information Commissioner.
GENERAL DATA PROTECTION REGULATION POLICY AND STAFF
· wherever practical or reasonable, fill in all care records and service user notes in the presence of and with the co-operation of the service user concerned
· ensure that all care records and notes, including Service User Plans, are signed and dated
· ensure that all files or written information of a confidential nature are stored in a secure manner wherever possible.
Emailing Staff schedules
Staff schedules can only be emailed from the office of Moorcare Devon Ltd to staff, who must have a printer at their home so that a hard copy of the schedule can be carried with them. This reduces mistakes and follows Data Protection.
Staff Training in GDPR compliance.
All staff will have introductory training, which will then be refreshed annually.
Management staff will have additional training in GDPR in relation to their roles.
Data Breach Procedure
Alert the office or on-call system.
Complete an incident form as soon as possible, documenting what has happened and what has been done regarding the breach.
Tell the person/persons that have been affected.
Assist management to risk assess and put in control measures to stop the same repeated breach of data in future.
There will be an annual audit due in October for any data breaches.
17. EMAIL AND INTERNET POLICY
Email and Internet facilities are provided for business purposes only.
The Employer is committed to maintaining and developing information technology resources for business purposes. However, there are very serious legal implications attached to the use of this technology. The Employer is therefore required by law to ensure that effective controls are in place to prevent breaches of security, harassment and any negative or illegal consequences occurring from the misuse of these facilities.
E-mail facilities are provided exclusively for the purpose of the Employer’s business. Abuse of the e-mail facility is a serious disciplinary offence which may amount to gross misconduct. Examples of abuse of the e-mail facility include:
· Using e-mail for personal purposes
· Using email to send licensed or unlicensed software
· Sending defamatory or derogatory material.
These examples are not exhaustive or exclusive and offences of a similar nature will be dealt with under the disciplinary procedure.
You are reminded that the use of this facility is a privilege and that all e-mail messages, whether incoming or outgoing, are not the personal property of the sender or recipient.
You are also expressly forbidden from sending e-mail messages which contain material which is or might reasonably be considered to sexually harass, offend, bully or discriminate against others.
The Internet provides its users with a vast amount of easily accessible information. Use of this facility is solely for business purposes.
Employees are expressly forbidden from using the Employer’s Internet facilities for “hacking” or gaining any unauthorised entry into any other third party’s computer system.
You are expressly forbidden from accessing or downloading any illegal, obscene, offensive or inappropriate material such as pornography.
You are advised that the use of the Internet to access pornographic or other potentially offensive material may be regarded as gross misconduct for which you may be liable to summary dismissal.
You should always ensure that all relevant copyright restrictions and virus protection procedures are complied with.
If you publish information on the Internet relating to our business or affairs, you must ensure you receive prior written approval from the Employer and ensure that you use copyright markers.