Data Protection & Privacy

When you trust us with your loved one’s care, you also trust us with personal and sensitive information. We take that responsibility seriously. Every piece of data we hold is protected by law, by policy, and by the daily actions of our team.

This policy is part of our governance and compliance framework, which ensures every aspect of our care meets the highest standards.

The Laws That Protect Your Information

SW Care complies with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). These laws set strict rules about how personal information must be collected, stored, used, and shared. We also follow the Freedom of Information Act 2000 where it applies to our work with public bodies.

In plain terms, this means we only collect the information we need, we keep it secure, and we never share it without a lawful reason to do so.

Our Caldicott Guardian

SW Care has a designated Caldicott Guardian. This is a senior person responsible for making sure that all personal information about the people we support is handled correctly. The role follows seven key principles that govern how we use confidential data:

• Justify the purpose — We only use personal information when there is a clear and valid reason.
• Use the minimum necessary — We share only what is needed, nothing more.
• Access on a need-to-know basis — Only staff who need the information to deliver care can see it.
• Everyone must understand their responsibilities — All staff sign a confidentiality agreement when they join SW Care.
• Comply with the law — Every decision about data is made within the legal framework.
• Share with informed consent — We ask for your permission before sharing information, unless there is a safeguarding concern that overrides this.
• The duty to share is as important as the duty to protect — When sharing information could prevent harm, we act responsibly and lawfully.

How We Keep Your Data Safe

Every member of the SW Care team signs a confidentiality agreement at the start of their employment. This covers all personal data they may encounter, whether it belongs to the people we support, their families, or fellow staff.

We follow guidance from the National Cyber Security Centre to protect digital records. Our care management system, Birdie, uses enterprise-level security to store care plans, visit logs, and personal records. Physical records are kept in locked storage with controlled access.

When We Share Information

We share personal information only with your consent. There is one exception: if we believe someone is at risk of harm, we have a legal duty to share relevant information with safeguarding authorities. This is always done in the best interests of the person we support.

When we work alongside NHS district nurses or other health professionals, we share only the care information needed to deliver safe, joined-up support. We never share data for marketing or commercial purposes.

Social Media and Confidentiality

Our staff receive clear guidance on social media use. They must never share details about the people they support, their families, or the locations where they work. This applies to all platforms, whether personal or professional. Even a well-meaning post can reveal confidential information.

What Happens If There Is a Data Breach

If a data breach occurs, we act immediately. Our Registered Manager, Stacey Cole, leads the response. We contain the breach, assess the risk, notify anyone affected, and report to the Information Commissioner’s Office if required. We then review what happened and put measures in place to prevent it recurring.

All of our data protection policies are managed through QCS (Quality Compliance Systems) and reviewed regularly to reflect current legislation and best practice. If you have questions about how we handle your data, please contact us.

Read about all of our governance policies or view our CQC rating.

Browse our full governance and compliance policies to understand how we maintain high standards across every area of our service.