Our Commitment
 
We recognise that protecting personal data is a fundamental right. We are committed to ensuring that all personal and sensitive data is collected, stored, used, and shared lawfully, fairly, securely, and transparently.
 
We embed the Caldicott Principles into our practice to balance confidentiality with safe and effective information sharing.
 
 
Scope
 

• Covers all data processed in hard copy or digitally, including special category data

• Applies to all Otter Homecare staff, contractors, and temporary workers

• Registered with the ICO (ZB544661)

• Policy supports the regulated activity of personal care

 

Key Principles
 
We uphold:
 

• Lawfulness, fairness, transparency in processing

• Purpose limitation – data used only for clear, specific purposes

• Data minimisation – collect only what is necessary

• Accuracy & storage limitation – data kept up to date and only as long as needed

• Integrity & confidentiality – data secured with technical and organisational safeguards 

 
We also uphold UK GDPR rights, including:
 

• Right to be informed

• Right of access

• Right to rectification & erasure

• Right to restrict or object to processing

• Right to data portability

• Rights relating to automated decision-making and profiling 

 
 
How We Protect Data
 

• ICO Registration – and adherence to guidance

• Consent – explicit, informed, and easy to withdraw

• Annual audits – compliance with data protection law

• Data Protection Champion – James Rowland Jones oversees strategy, compliance, breaches, risk assessments, and subject access requests

• Staff training – all employees trained in GDPR, confidentiality, and the Caldicott Principles

• Policies & Procedures – including Data Quality, Record Keeping, Data Security, Network Security, Business Continuity, CCTV & Surveillance, and Staff Code of Conduct 

 
 
Surveillance Technology
 
Where surveillance (CCTV, cameras, microphones) is used, it is only to:
 

• Protect people’s safety

• Keep premises secure

• Support safe care without restricting activities

 
We comply with CQC and ICO guidance to protect privacy and rights .
 

The Caldicott Principles

We apply the 8 National Data Guardian principles, including:
 

1. Justify the purpose for using confidential information

2. Use it only when necessary

3. Use the minimum necessary

4. Limit access to a strict need-to-know basis

5. Ensure all staff know their responsibilities

6. Comply with the law

7. Balance protection with the duty to share for safe care

8. Inform people how their information is used 

 
 
Responsibilities
 

• Managing Director / DPO – accountable for compliance, supported by the Data Protection Champion

• All staff – required to comply; breaches may be treated as gross misconduct

• Annual DSPT Submission – completed each year to demonstrate compliance with national standards 

 
 
Quality Statements (CQC)
 

• Learning culture: openness and improvement in safety

• Safeguarding: protect people’s rights to live free from abuse and neglect

• Safe environments: secure, risk-controlled facilities and systems

• Staffing: sufficient, trained, and supervised staff

• Consent & dignity: respect for people’s rights, kindness, and compassion

• Shared culture & governance: transparency, inclusion, sustainability, and secure data sharing