• Home
  • Data Protection Privacy Statement (Recruitment)

Data Protection Policy

Aim

Cavendish Homecare Professionals aims to protect people’s privacy by ensuring that unauthorised or inappropriate access to or use of personal data is prevented.

Background

Cavendish Homecare Professionals understands that:

  • The UK General Data Protection Regulation (UK GDPR) and Protection Act 2018 sets standards and a legal framework governing the storage and processing of personal data.
  • The term ‘information governance’ refers to the policies, procedures, processes and controls that are required by an organisation to protect such personal data.
  • If personal data is not properly used and adequately protected an organisation may find itself facing legal action for contravention of the Data Protection Act 1998.
  • Misuse of personal data or personal data loss is not only a breach of data protection law but can also be very distressing to those who have had their data lost. People are very aware of the dangers of ‘identity theft’ or fraud and have a right to expect that any data held about them is protected and held securely.
  • It is important to keep personal data safe and all employers have a legal, ethical and Duty of Care’ to do all they can to protect data.

Policy

In Cavendish Homecare Professionals:

All members of staff will at all times and in all circumstances uphold and comply with the seven main principles of the UK GDPR. Staff should ensure that personal data is:

  • processed lawfully, fairly and in a transparent manner
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary
  • kept accurate and up to date
  • kept in a form which permits identification of data subjects for no longer than is necessary
  • processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage
  • The organisation shall be responsible for, and be able to demonstrate compliance with, these principles (the ‘accountability’ principle)
  • Technical and organisational measures (such as encryption and strong password protocols) will be put in place to protect personal data.
  • Staff should never give out personal information over the telephone unless the identity of the caller is verified and there is a lawful basis for sharing.
  • When documents containing personal information have reached the end of their life they should be disposed of by shredding or using confidential waste bins provided by an accredited secure disposal service.
  • Any incident involving the loss or misuse of data must be reported immediately to a manager. Serious breaches that put individuals at risk must be reported to the Information Commissioner’s Office (ICO) within 72 hours.

Management duties

Managers and supervisors in the organisation have a duty to:

  • ensure that line managers and staff who process information about their employees and clients understand their obligations to comply with UK GDPR principles.
  • regularly audit the use of this policy and the effectiveness of data protection and information governance procedures
  • monitor complaints and untoward incidents relating to personal data issues, ensuring that any data subject requests (such as Subject Access Requests) are handled within the one-month legal timeframe.
  • ensure that clients, and their relatives and representatives, have access to a Privacy Notice that explains how their data is used.

Staff duties

Staff in Cavendish Homecare Professionals have a duty to:

  • always act in full compliance with the UK GDPR and Data Protection Act 2018
  • only access the minimum amount of data necessary to perform their specific job role
  • report the loss or theft of any company device immediately
  • attend appropriate training.

Training

In Cavendish Homecare Professionals:

  • induction will include guidance on record keeping, confidentiality and cybersecurity
  • all staff will be trained in the requirements of the UK GDPR
  • training is refreshed annually to ensure staff remain aware of evolving digital threats

Date: May 2026

Version: 11 (Reviewed)

Source: Expert Care Manager / Digital Social Care