80 Information Sharing Governing legislation for safeguarding is the General Data Protection Regulation (GDPR) which is part of the data protection regime in the UK, together with the new Data Protection Act 2018. It imposes tighter regulations on the use of personal information and higher penalties for noncompliance. 1. Summary of GDPR The GDPR has six high level principles. These state that personal data must be: Processed fairly and lawfully Used for a specified purpose Accurate and kept up to date Adequate and relevant for the purpose Kept no longer than is needed Protected by technical and organisational measures GDPR provides rights for adults whose data or personal information is kept by agencies. These include: A right to have information transferred electronically where they are required to repeatedly provide this. Subject Access Requests (SAR) response times are reduced to 30 days with clear management processes and record retention schedules in place. Privacy Notices or fair processing statements must be robust about the use of people’s data, retention periods and who the information will be shared with. If there is no lawful basis for collecting personal information, then consent must be sought and recorded. Consent can also be withdrawn. 2. Lawful basis for processing Agencies have several lawful bases for processing information about adults. None are better or more important; their use depends on the purpose and relationship between the organisation and the adult. In all circumstances the processing must be clearly necessary otherwise it may not be lawful. It also must be specified at the outset of the relationship, not retrospectively and not exchanged for another lawful basis without a legitimate reason which needs to be communicated to the adults affected. The legal reasons for processing information are: Consent Contract Legal obligation Vital interests Public task Legitimate Interest Special Category data Criminal Offence data Safeguarding concerns will always fall within the public task and / or legitimate interest categories. Note – legitimate interest is explained at the end of this Appendix. Notwithstanding the above, the overriding rule is that staff need to share information to protect someone from harm or criminal activity. Appendix 8 – Information sharing
RkJQdWJsaXNoZXIy NTIyMzU=