Data protection and digital technology

You must understand the current regulations under the General Data Protection Regulation (GDPR) on how your organisation manages data safely and securely. Your organisation must have a written policy and procedure in place to show how it meets the rules. This includes a policy for what happens when a data breach – someone getting hold of information they should not have had – occurs.

Your data protection policy should work with your safeguarding policy, making sure you keep the highest standards of confidentiality.

You must make sure that staff and volunteers:

• understand how to collect, store and share information, in line with GDPR
• understand how to follow up a data breach using both your data protection policy and your safeguarding policy.

Your data protection policy can never be used to stop you reporting safeguarding concerns. If it is necessary to share relevant personal information when someone is at risk of harm or has been accused of causing harm you can still do. The GDPR says you may share information even without permission from the person for a number of reasons. Two of them are important.

• If you are required to do so under the law
• It is of vital interest in order to protect someone’s life

Want to know more about how to comply with GDPR? Read our guidance on understanding data protection.

Want to understand the details of the legislation as it relates to children? The Information Commissioners Office (ICO) guide Children and the GDPR provides technical advice on the child-specific considerations of GDPR.

It is likely your organisation relies on digital technology for day to day running. In order to carry out your safeguarding responsibilities, you must make sure that the digital technology you use is reliable, secure and fit for purpose.

Digital technology includes:

• your website
• social media accounts and posts
• IT network and servers
• hardware (laptops, iPads and PCs, photocopiers, printers)
• software (programs and apps)
• mobile phones.

Digital technology can be a great asset to effective safeguarding. However, you must manage the associated risks. For instance, you must assess the likelihood and impact of certain situations and plan for them. Here are some examples to consider.

• Your server fails and you lose or cannot get access to information.
• A staff member on outreach cannot be contacted due to unreliable mobile phone or network.
• A laptop containing sensitive information is lost or stolen.
• Inappropriate or bullying comments are posted by someone on your Facebook page.
• A virus is downloaded onto your IT system which may compromise security.

Steps you can take to prevent and reduce risks include:

• sourcing reliable equipment and software that meets your organisation’s needs
• keeping equipment and software maintained
• having policies in place
• training all staff and volunteers in policy and procedure so they understand the risks and what to do
• regularly reviewing your digital technology and making sure you take into account accidents, incidents, near misses and complaints where digital technology is a factor.

This list shows policies covering risk areas and what needs to be included:

• Data protection and document retention. Make it clear how and where information should be kept securely, how to use passwords, and what to do if information is lost or stolen. Restrict access to sensitive or confidential information.
• Acceptable use policy for IT equipment. Set out how equipment should be used, what it may not be used for and consequences.
• Lone and remote working. Cover how staff keep themselves and equipment/information safe.
• Social media policy. Make sure people know what is not acceptable. You should appoint moderators who can check content and report any breaches or risks.
• Back up systems, disaster recovery and continuity plans. Set out how you will back up information and manage operations in the event of an emergency

Want to learn more about how you can use digital technology effectively in your organisation? Then work through our digital technology pages.

If you are designing new services or taking existing ones online, use the digisafe step-by-step digital safeguarding guide.