You read that right, the scary acronym we all can’t escape lately is back. GDPR. The new General Data Protection Regulation that comes into effect on 25th May 2018. In just a matter of days every company and employee will have to be aware and ready for the changes; but with “90% of small businesses unprepared for the GDPR deadline”, just how much should we be panicking? And looking closely at the way social workers operate, what should our sector be looking out for specifically? What do independent social workers need to bear in mind moving forward? Why does it feel like no-one is talking about GDPR in our industry?
Before these questions overwhelm you, don’t fear, One Stop Social is here to help! Think of us as a new Avenger, with social work GDPR information being our special power. Except we’re a team working to bring you the information, not one extra-terrestrial or mutant human. We also know how daunting adapting to GDPR is as it took us a while to grasp too. Oh, and we follow the advice of Edna Mode and categorically no capes.
Moving back from the comic-book and movie character tangent; GDPR is coming and we must all face it. While some companies may be trying to find ways to avoid storing personal data on customers or communities so that they don’t have to jump through the data protection hoops; others are facing the storm head on and. The key thing to remember about GDPR is that anyone who has given information about themselves to a company (whether you’re a paying customer or just signed up to a mailing list) has to now give clear permission for that company to first of all keep that information, and then also to use it.
The European Union have brought about the new Regulations for 2 main reasons: to give the public more control of their personal data, and to simplify and unify regulations for business across the European Union. These regulations may seem like they’re complicating matters but that it just the short-term implementation period. Once we all have our systems in place to comply, it’s a win-win situation for everyone. Customers feel more in control of their own information, and businesses have simpler and consistent rules to follow. But how will this affect the social work sector and those who work in it?
In this case, social work is much like any other industry in relation to needing to comply. The whole point of GDPR is to have the same regulations for everyone, so social work is included in ‘everyone’. Social workers need to collect and utilise certain data on people to effectively do their jobs, it’s hard to help an individual/family if you’re not allowed to keep and refer to the appropriate information about that person or situation. Essentially, social workers need data. So, there’s no avoiding GDPR, social workers have to make sure they’re complying with the regulations in order to do their jobs. There’s also existing strict monitoring of how personal data is kept by social workers, as anything that could be deemed mis-use or mishandling can have severe consequences (as proven by the recent case of a children’s social worker sanctioned by the Health and Care Professions Council for sending information to a personal email account).
What next then?
If you work for a specific company, then your work and GDPR compliance should be covered by them; however, the process for independent social workers is a little different. Independent social workers operate in a similar way to freelancers, and it has been made clear that freelancers are by no means exempt from the new regulations. Approximately 35% of all freelancers globally are located within Europe, so we are a continent of flexible work and independent social workers must make sure they are protecting themselves in order to continue working free from strict company ties. Independent social workers, if they hold nothing else, will always have have email addresses of a client. Therefore, they need to audit all devices where information is stored and then ensure these devices are secure. This means entering the scary territory of encryption and malware protection. Nearly 2 million people work in different freelance careers across the UK, and if any are caught not complying with GDPR they could face a fine of either up to 20 million euros. So, we’d say it’s definitely worth the tech lingo and hassle to make sure you’re good to go.
Social workers who work in children’s teams have also been highlighted recently by The Guardian as needing to be aware of the new regulations. This is because when looking at consenting to the data about children being shared and used, the question of consent-age is raised (which can differ across the EU greatly). If we then assume that parental consent is needed (as it is for under-16s) then given the nature of social work, sometimes that may not be the best move. It’s a careful balancing act between ensuring consent has been appropriately given or waived under the right circumstances while ensuring child protection.
(For more information about GDPR and Children Social Workers then check out the original article by Yvonne Anderson and Neil Dabson at The Guardian here)
Never fear, One Stop Social is here!
Don’t worry we’re not going back down The Incredibles/Avengers rabbit hole, but we do have a solution for you if you’re not ready for GDPR yet. Working with Dotkumo we have put together a GDPR package for social workers, including a guide on what to do and what the new regulations mean.
Overall though, this is a situation where we’ll understand things much better after the enforcement date of 25th May, so as long as you’re aware that you need to make some changes and are implementing a new data protection system, there’s no reason to stress out.