Data protection

Overview for social care

This introduction to data protection has been developed to assist in promoting dignity in social care.

The Information Commissioner's Office is an independent official body whose role is to oversee all information legislation, including promoting access to official information and protecting personal information. All public and private organisations are legally obliged to protect any personal information they hold. Public bodies are also obliged to provide public access to official information. Information legislation protects the human rights of people using services by ensuring information about individuals is:

  • held only with consent
  • held securely
  • shared only on a 'need to know' basis
  • accessible to them.

Data Protection Act (DPA) 2018

The DPA 2018 sets out the framework for data protection law in the UK. It updates and replaces the Data Protection Act 1998, and came into effect on 25 May 2018. It sits alongside the GDPR and tailors how the GDPR applies in the UK, for example by providing exemptions. It also sets out separate data protection rules for law enforcement authorities, extends data protection to some other areas such as national security and defence, and sets out the Information Commissioner’s functions and powers.


The General Data Protection Regulation (GDPR)

Confidentiality is key when providing care. The General Data Protection Regulation (GDPR) is a Europe-wide law that replaced the Data Protection Act 1998 in the UK. The Regulation places greater obligations on how organisations handle personal data and came into effect on 25 May 2018.

The GDPR sets out seven key principles:

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality (security)
  7. Accountability.


Freedom of Information Act 2000

The Freedom of Information Act (FoIA) 2000 provides statutory rights for members of the public requesting information. Under the Act, any member of the public is able to apply for access to information (unless that information is covered by exemptions) held by a wide range of public bodies, including local authorities and hospitals. The FoIA imposes a duty on public bodies to adopt schemes, which must be approved by the Information Commissioner, for the publication of information.