GDPR

** Important - On 1 May 2018 we will be removing all personal data (eg Manager Names) downloaded from caredata.co.uk **

We are in the process of making changes to ensure that we are compliant with new data protection regime when the General Data Protection Regulation (?GDPR?) comes into force on 25 May 2018.

General

We are working with data privacy specialist lawyers Clayden Law (www.claydenlaw.co.uk).

We have appointed a Compliance Manager and we are providing all the necessary in-house training to employees.

We have mapped our data processes and are making changes to ensure we are GDPR compliant, including:

  • We are ensuring we have the correct lawful basis for the collection of personal data
  • We are reviewing all our retention policies and amending where required to ensure they are appropriate
  • We are enhancing our record-keeping practices to ensure we can demonstrate accountability for compliance
  • We are making sure that any third parties that are storing or otherwise handling personal data on our behalf or to whom we transfer personal data have appropriate safeguards to ensure GDPR compliance. We are achieving this through (where appropriate) questionnaires, audits and enhanced contractual provisions or agreements
  • We are making further improvements to our security policy to ensure all the data we store is as secure as possible

We are updating our current policies/documentation and processes and introducing new policies/documentation and processes, including:

  • Website & Customer Privacy Notice, Privacy Notice for Suppliers & Privacy Notice for Consultants
  • Terms & Conditions
  • Data Protection Policy
  • Data Map
  • Third Party Data Processor Due Diligence Questionnaires
  • Third Party Data Processing Agreements
  • Retention Policy
  • Individual Rights Policy & Data Subject Access Requests Procedures
  • Privacy Impact Assessments
  • Personal Data Breach Notification Policy
  • Security Policy

The above information is provided for guidance only and does not constitute legal advice or otherwise create any legal liabilities or obligation on Tomorrow's Guides Ltd.

Removal of Personal Data from Caredata.co.uk

In order for us and our customers to be compliant with GDPR, on 1 May 2018 we are removing all personal data from the files downloaded or downloadable from caredata.co.uk. The files and data fields will be effected as per below.

Also on 1 May 2018 we will be deleting any files that have previously been created in customer caredata.co.uk accounts (these files are listed under ?Files already Created?).

1) Location Files
Care Homes & Nursing Homes
Care Homes Master
Nursing Homes
Home Care Agencies
Nursing Agencies
Day Nurseries & Nursery Schools
Adult Day Care Centres
Extra Care Housing
Mental Health Hospitals

- Name of Person in Charge, Job Title, Salutation ? these fields will be removed (for Mental Health Hospitals instead Person A to F, Position A to F will be removed)
- Name of Owner, Salutation of Owner ? where the owner refers to a person(s), these fields will be removed
- Group Name ? where the owner refers to a person(s), these fields will be removed (the Group Reference Key is still output and can be used to identify groups)
- Photo URL + Video URL ? these fields will be removed

2) Group Files
Care & Nursing Homes Groups
Home Care & Nursing Agency Groups
Nursery Groups
Adult Day Care Centre Groups
Extra Care Housing Groups
Mental Health Hospital Groups

- Person A to G, Position A to G & Salutation A ? these fields will be removed
- Purchasing Manager Name, Title & Salutation ? these fields will be removed
- Photo URL + Video URL ? these fields will be removed

Information on Direct Marketing

At present the data bought on caredata.co.uk includes personal data (eg Manager names, individual owner names) and this will remain the case until 1 May 2018. Purchasers should decide for themselves whether the data can be used to contact people for direct marketing (we have not to date received any feedback either from the individuals or the purchasers of any problems in using the data for these purposes). For any telephone direct marketing, you will need to use the TPS (Telephone Preference Service) and CTPS (Corporate Telephone Preference Service) fields included in the data to filter out any organisations that have opted not to receive telephone calls.

However, when GDPR comes into force on 25 May, the personal data derived from the data should not be used by purchasers for direct marketing since in our view purchasers will not be able to satisfy the lawful grounds for processing required under GDPR. If you wish to use the data for direct marketing, the personal data will need to be removed (unless you have already established a relationship with an individual). For avoidance of doubt, you will still need to filter out any organisations that have opted not to receive telephone calls using the TPS and CTPS fields.

The above information is provided for guidance only and does not constitute legal advice or otherwise create any legal liabilities or obligation on Tomorrow?s Guides Ltd.

If you have any queries, please email info@caredata.co.uk