In preparation for the new General Data Protection Regulation (GDPR) legislation coming into force in May this year, NACCC is taking a proactive stance in supporting its accredited centres in achieving compliance. Cafcass and other referring agencies will not be able to communicate with NACCC and contact centres regarding families unless they can demonstrate that they are compliant.
NACCC has been in discussion with Cafcass and the Ministry of Justice to negotiate a way forward. We have sent each centre advice on ‘Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now’ and will be proposing a way forward for centres to achieve compliance in the most cost-effective way possible. NACCC will also be holding two training days in February for centre management committees, co-ordinators and volunteers to explain the issues and strategy for the way forward.
What is a personal data breach? What does it look like?
A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
For example, a hospital could be responsible for a personal data breach if a patient’s health record is inappropriately accessed due to a lack of appropriate internal controls. An agency could also be responsible for a personal data breach if a form containing confidential information regarding a family was posted or emailed to an incorrect address, resulting in an unintended recipient reading that information.
Management Committees will need to ensure that their staff and volunteers understand what constitutes a data breach, and that this is more than a loss of personal data.
The Information Commissioner’s Office can advise centres on the following:
- Which breaches do I need to notify the relevant supervisory authority about?
- When do individuals have to be notified?
- What information must a breach notification contain?
- How do I notify a breach?
- What should I do to prepare for breach reporting?
The Information Commissioner’s Office has set up a dedicated advice line which offers help to small organisations preparing for the new data protection law. The phone service is aimed at people running small businesses or charities. To access the new service, dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the General Data Protection Regulation, callers can also ask questions about current data protection rules and other legislation regulated by the ICO, including electronic marketing and Freedom of Information.