83 needs it. If consent is difficult, it will be necessary to look for a different lawful basis. Making consent to processing a precondition of a service may not be appropriate or helpful. Public authorities and employers will need to take extra care to show that consent is freely given and should avoid over-reliance on consent. The Information Commissioner’s Office has provided extensive guidance at Guide to the UK General Data Protection Regulation (UK GDPR) | ICO 5. General practice points Where an adult has refused to consent to information being disclosed for these purposes, then professionals must consider whether there is an overriding public interest that would justify information sharing (e.g. because there is a risk that others are at risk of serious harm) and wherever possible, the appropriate Caldicott Guardian or agency’s Data Protection Lead should be involved. It will always be necessary to consider proportionality and whether the apparent need to share information is proportionate to the perceived risks of not doing so. Decisions about who needs to know and what needs to be known should be taken on a caseby-case basis, based on agency policies and the constraints of the legal framework. Principles of confidentiality designed to safeguard and promote the interests of an adult should not be confused with those designed to protect the management interests of an organisation. These have a legitimate role but MUST never be allowed to conflict with the welfare of an adult. If it appears to an employee or person in a similar role that such confidentiality rules may be operating against the interests of the adult, then a duty may arise to make a full disclosure in the public interest. In certain circumstances, it will be necessary to exchange or disclose personal information which will need to be in accordance with the law on confidentiality and the GDPR where this applies. 6. Duty of Candour From October 2014, providers (of health and adult social care registered with the CQC) are required to comply with the duty of candour. This means providers must be open and transparent with adults about their care and treatment, including when it goes wrong. 7. Type of personal information that will be routinely shared The type of personal information that will be routinely shared under this agreement is sensitive personal data as defined in the Data Protection Act 2018 and General Data Protection Regulation (GDPR). Additionally, special category data relevant to SARs, DHRs or other reviews will be provided. For example in a Serious Case Review in Surrey ‘there was a lack of history relating to [them] that meant that the risk inherent in placing them together in a supported housing setting were not fully appreciated’ and…‘there was considerable concern amongst members of the SCR panel that an adult could potentially have a serious mental health and forensic history and pose a threat to the community, but that housing might know little or nothing about this’. 8. How personal information will be shared Verbal or written information will be requested and shared at safeguarding discussions, meetings or as requested as part of an action or protection plan arising from the safeguarding meeting/discussion. It will also include information that is requested or supplied by email or other electronic forms of communication. A record of all requests for information, meetings, and discussions will be maintained to facilitate an audit trail. Information can also be shared under any processes that are included with the Dorset and Bournemouth, Christchurch and Poole Safeguarding Adults Multi-Agency Policy and Procedures. Emails must always be sent to a secure email address. It is each organisation’s responsibility to ensure they have appropriate procedures/policies in place for staff to be aware of their individual requirements.
RkJQdWJsaXNoZXIy NTIyMzU=