GDPR? What is it and what does it mean to your care organisation?


Put May 25, 2018 in your diary as a significant date. This is when the Data Protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR).

All personal information your care home has needs to be protected and handled in line with GDPR.

Personal information, in the GDPR context, is information that can identify living individuals (either on its own or on conjunction with other information already available).

Some examples below:

· Name


· Address

· Gender

· NHS number

· Occupation

All organisations who deal with special categories of personal data will have to comply with GDPR. Special categories of personal data can include the below:

· Health information

· Information relating to race, ethnicity, religion, or sexual orientation


To comply with GDPR, you will need to ensure that personal information is:

  1. Processed fairly, lawfully, and in a transparent manner
  2. Collected for specified, limited purposes
  3. Adequate, relevant and limited to what is necessary
  4. Accurate and kept up-to-date
  5. Kept in a form which permits identification for as long as necessary and no longer
  6. Processed in a manner that ensures appropriate security


Points to consider:

Legal Basis and Consent

  • Under GDPR, if your legal basis for collecting and sharing personal information is consent, then that consent needs to be informed, explicit, and recorded. You will only be able to use the information for the consented purpose, and any further use will require further consent. Can you currently evidence this?
  • There are other legal alternatives for collecting, using and sharing personal and special category data that may be more appropriate than consent, such as it’s in the vital interest (life or death) of the individual concerned. Are you aware of all of these?
  • You will need to document the legal basis for all personal information your organisation utilises.

Data Quality

  • Do you have data quality controls in place to ensure your information is accurate and up-to-date?

Retention Periods

  • Are you aware of retention periods relating to all information types so you are compliant with GDPR? You will need to document this under GDPR.

Information Security

  • Care home providers could be exposed if they are using paper or archaic care systems that are not designed with the latest standards of encryption and secure access
  • Under GDPR, you will be responsible for ensuring any contracted third-parties do not compromise your compliance with GDPR. Can you be certain that your system providers meet the GDPR requirements?
  • Do you hold personal data on external hard drives or USBs? What are your security controls for these mobile devices?
  • Do you have access and audit controls in place to ensure only authorised staff are seeing sensitive information?

Subject Access Requests

  • Both staff and residents can request to see what information you hold on them (a subject access request). Under GDPR, the timeframe for legally responding to these is changing, as is the ability to apply a fee. Have you updated your processes to reflect these changes? Are all staff and residents aware of this right?
  • Can you access your information quickly to comply with these requests? Do you know where all your information is stored?

Dependant on how you have answered the above, your care home may not be compliant with the new GDPR regulations.

Want to know more information on GDPR? Follow this link for the Information Commissioner Office 12 step guide to becoming compliant.

Cura Systems can help!

Don’t panic, there is an easy way to becoming compliant with GDPR. That is to utilise a company that understands data protection legislation on special categories of personal data and is committed to supporting other organisations in being compliant with GDPR.

Cura Systems offer intelligent and modern care planning, medication management, staff planning, notes and time and attendance monitoring software. Using Cura will provide you with some reassurance that your information is secure and quickly accessed when needed, but only accessible to authorised individuals. Cura does this, and more, for care companies while also empowering them to utilise their information in a way that makes their information more useful to increase service efficiency and enable them to achieve to golden care and management standards.


Give your care home the competitive advantage, talk to the Cura Systems team today. Email or call us on 020 3621 9111.

We are committed to executing a robust data protection strategy to ensure Cura Systems is compliant with GDPR and other data protection legal requirements

We have recruited a Data Compliance and Security Officer, Jessica Hiscock, on a full time basis to inform and advise Cura Systems and our employees about our obligations to comply with the GDPR and other data protection laws. More importantly, to provide us with the means to do so through the task of producing and implementing relevant policies and procedure, as well as spreading awareness and knowledge through training.

Jess previously worked within the Data Protection and Confidentiality Department at Abertawe Bro Morgannwg University Health Board, covering both Information Governance and Information Security remits. She was the department’s lead trainer to over 16,000 staff (as well as additional voluntary staff, students, and contracted employees), the lead auditor on data protection compliance across the whole Health Board, and the first point of contact for any queries.

She will monitor and audit Cura Systems compliance with GDPR and other data protection laws and advise on any identified information risks. Her role is primarily a preventative-focused one where, instead of waiting for a data breach to occur, she is instead tasked with anticipating threats to information and actively working to prevent them from having real-world negative impacts. Jess is also here to support disaster recovery and business continuity management to ensure that any incidents are appropriately managed to reduce harm to Cura Systems and its data subjects.

Susuana Ocansey, our National Delivery Manager and her team will be your first point of contact for any queries (internal or external) regarding the data we process and will ensure that individuals are aware of their rights regarding the information we hold about them.

Contact the Cura Support team for more information, call 020 3621 9117 or email

To serve our customers better, we begin with our employees

Just as Cura Systems continually evolve with best of breed technology and functionality so must our staff and processes.

To this end, we have restructured our training and implementation team to better serve our growing list of customers. We have appointed a Client Solutions Specialist with deep domain knowledge of care homes and how they operate and reporting to our recently appointed National Service Delivery Manager. Cura Systems is committed to ensuring all our customers gain the best value from their investment in Cura and continue to provide a service level that is exceptional and unique to every customer.

After the initial implementation of Cura we don’t just leave you with an ad-hoc support package, you have an option to be assigned a dedicated Client Solutions Specialist, whose primary focus is to ensure Cura is used by all of your staff to its full potential.

Implementing a new system can be an overwhelming experience and it takes some time to adapt to a new environment. We are here to make that transition as smooth and practical as possible.

The Impact of Going Digital

Surrey Care Association today released a special report for residential and domiciliary care providers on the impact of going digital in care, the challenges facing care providers today, the CQC’s reaction to care going digital and a fundamental change in approach.

15 senior members of the association gathered across a roundtable on 26th October to form this discussion and transparently share experiences.

“It’s been so useful to get around the table with everyone. We are proud to be continually working with our membership to evolve their processes and share best practice. We hope this white paper will be useful for all providers of social care nationwide.”

Erica Lockhart – Chief Executive – Surrey Care Association

Please enter your email address to download your copy of the Surrey Care Association white paper. 

We welcome you to join the discussion going forward. If you have any questions, or would like to contribute to the debate please get in touch with us:


Cura Systems response to the CQC State of Care report: Technology innovations can help future proof social care

This year’s State of Care report shows the quality of health and social care has been maintained, despite very real challenges, the majority of people are getting good care. But future quality is precarious at best, as the system struggles with complex new types of care demand and needs, access and cost.

The Care Quality Commission’s annual assessment of the quality of health and social care in England contains much that is encouraging. As of 31 July 2017, 78% of adult social care services were rated good (71% were rated good at 31 July 2016) but it continually echoed this was due to tireless efforts of care leaders and staff and noted the continuing risk of a ‘tipping point’. It is crucial that we do something before service deterioration outpaces the capacity for service improvement.

Professor Martin Green, OBE, Chief Executive of Care England highlighted, “There is a lot of uncertainty in the sector and by dragging its heels, and Government simply cannot abdicate responsibility for those in need of care.”

The additional £2bn made available by the Chancellor in the spring budget was a welcome acknowledgement of the pressure the adult social care sector is under. What is now required is a long-term sustainable solution for the future funding and quality of adult social care.

One of these solutions has to be being open to embracing technology and thinking of innovative ways that are continually evolving. Technology can help relieve pressure on care home providers and their staff, and improve the quality of care.

Peter Wyman, Chair of CQC, said, “We have seen excellent examples of services working together around the needs of people – often harnessing new innovations and technology – with positive results on outcomes, access and people’s experience of care. To deliver good, safe, sustainable care, more providers need to think beyond traditional boundaries to reflect the experience of the people they support.” “This must be future direction for creating a more sustainable and effective health and care system for the third decade of the 21st century.”

The future of the social care system is one of the greatest unresolved public policy issues of our time – a long term sustainable solution is urgently required. This is why Cura Systems are continually developing our products and services to ensure we futureproof for our customers – we are committed to the sustainability of the care market.



[ultimatemember form_id=2219]


[ultimatemember form_id=2222]