Data Protection Policy


Cavendish Homecare Professionals aims to protect people’s privacy by ensuring that unauthorised or inappropriate access to or use of personal data is prevented.


Cavendish Homecare Professionals understands that:

  • The Data Protection Act 1998 sets standards and a legal framework governing the storage and processing of personal data held in manual records and on computers.
  • The term ‘information governance’ refers to the policies, procedures, processes and controls that are required by an organisation to protect such personal data.
  • If personal data is not properly used and adequately protected an organisation may find itself facing legal action for contravention of the Data Protection Act 1998.
  • Misuse of personal data or personal data loss is not only a breach of data protection law but can also be very distressing to those who have had their data lost. People are very aware of the dangers of ‘identity theft’ or fraud and have a right to expect that any data held about them is protected and held securely.
  • It is important to keep personal data safe and all employers have a legal and ethical duty to do all they can to protect data.


In Cavendish Homecare Professionals:

  • All members of staff will at all times and in all circumstances uphold and comply with the eight main principles of the Data Protection Act 1998 which provide a legal framework under which personal data should be kept, processed and collected. Staff should ensure that personal data is:
    • obtained fairly and lawfully
    • held for specified and lawful purposes
    • processed in accordance with the person’s rights under the Data Protection Act
    • adequate, relevant and not excessive in relation to that purpose
    • kept accurate and up to date
    • not kept for longer than is necessary for its given purpose
    • subject to appropriate safeguards against unauthorised use, loss or damage
    • transferred outside the European Economic Area only if the recipient country has adequate data protection
  • All possible technical, mechanical and organisational measures will be put in place to protect personal data against unauthorised access.
  • Safeguards will be put in place to prevent the accidental loss, destruction or damage of data.
  • Staff should never give out personal information over the telephone. Callers should be asked to put any request in writing for the attention of a manager.
  • When documents containing personal information have reached the end of their life they should be disposed of by shredding or using confidential waste bins.
  • The implementation of data protection and information governance principles will be frequently audited.
  • Any incident involving the loss or misuse of data should be reported to a line manager who should investigate and take appropriate action.
  • All data breaches or losses or untoward incidents involving personal data, no matter how minor, should be recorded and thoroughly investigated.
  • At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose.

Management duties

Managers and supervisors in the organisation have a duty to:

  • ensure that line managers and staff who process information about their employees and clients understand their obligations to comply with data protection principles
  • regularly audit the use of this policy and the effectiveness of data protection and information governance procedures
  • monitor complaints and untoward incidents relating to personal data issues, taking action as required and fully investigating any complaints
  • ensure that clients, and their relatives and representatives, have adequate processes in place to be able to register queries or complaints about data protection issues and to have their thoughts listened to and acted upon.

Staff duties

Staff in Cavendish Homecare Professionals have a duty to:

  • always act in full compliance with the Data Protection Act 1998 and with associated best practice guidelines
  • understand the importance of protecting personal data and respecting the privacy of clients
  • comply fully with organisational policies on confidentiality and data protection
  • attend appropriate training.


In Cavendish Homecare Professionals:

  • induction will include guidance on record keeping, confidentiality and data protection
  • all staff will be trained in the requirements of the Data Protection Act 1998
  • training in correct methods for entering information in clients and candidate’s records is given to all staff.



Date: January 2024

Version: 8 (Review)

Source: Expert Care Manager / Digital Social Care