Jordan Brewer looks at the recent changes to data protection laws and considers the possible effect this will have on the provision of housing-related support.
Along with the new Data Protection Act 2018 (DPA 2018), the General Data Protection Regulation (GDPR) now forms part of the data protection regime in the UK. As we are all painfully aware, the GDPR compliance date was the May 25. Although reaching that point was at times challenging, it also presented us with several opportunities for improving the way data is collected and services are delivered.
Giving people control over what information is held on them, and ensuring that the right people are getting the right information is obviously a positive move. But does our idea of full compliance carry unintended consequences?
During sector-specific briefings that Cymorth Cymru held across Wales, several of our member organisations raised their concerns. Some feared that services, when faced with the consequences of these new data protection laws, may be tempted to slip back into risk averse behaviour. For years the sector has been making a collective shift towards data sharing in order to improve the quality and accessibility of services – and therefore the outcomes of people who use them. Could GDPR put this at risk?
What are the reasons for sharing an individual’s data?
Each year Cymorth Cymru facilitates three engagement events across Wales for people who access Supporting People services. Regular issues discussed are barriers to accessing services and ways of improving delivery. A common conversation every year centres on the frustration people feel at having to repeat their stories again, and again. Others include poor communication and services not ‘talking to each other’ which sometimes lead to missed opportunities for early intervention.
Many people who seek Supporting People services have experienced the most difficult situations imaginable. When people finally feel ready for support, they should not be required to recount and relive these traumatising periods in their life any more than necessary. Anecdotally, we’re aware that having to repeatedly share personal details could lead to: individuals
- becoming re-traumatised.
- becoming desensitised, leading to them not being as readily believed.
- completely disengaging with support due to the stress of having to continually explain themselves to different agencies.
Earlier this year, Cymorth Cymru delivered a programme of Welsh Government-funded training – the PATH programme – which focused on creating trauma informed services. Part of the training asks attendees to imagine that they’re about to share details of an experience that they’re deeply embarrassed about. The reaction to this exercise leaves no room for misinterpretation – putting people on the spot and demanding personal details can cause unnecessary trauma.
The requirement for people to share trauma-inducing details multiple times is a problem – but there is also a solution. If data is stored and shared in a way which is safe and smart, there should be no need for people to disclose any more than they feel comfortable doing.
There is also a need for us all to use data better, to enable services to learn from each other, become better coordinated, and to intervene earlier and in a more targeted way. With smart data sharing there is the opportunity to cut out duplication of work, and use decreasing resources more effectively.
What are the worries with GDPR affecting this?
We’ve seen it already – GDPR has spooked a lot of people into being overly cautious. Whether it’s refusing a request for an email or neglecting to send some information over to a person who hasn’t technically signed up to your mailing list. This may very easily translate to the way that vital details are shared, or not, between and across organisations.
At the moment there is still a lot of confusion surrounding what counts as ‘non-compliance’. I think everyone is very conscious of not wanting to be the first person to slip up and find out.
I encourage everyone to protect the sensitive, personal information of the people they work with, and ensure only those on a ‘need to know’ basis have access to people’s data. But I absolutely share the concerns from our sector that we could be taking two steps back in terms of offering accessible, user friendly services that work effectively together.
As the GDPR journey continues, we need to collectively make sure we’re not cutting out people who actually do ‘need to know’ – and that we’re having a real positive impact on people’s experience of support.
Jordan Brewer is policy and communications officer at Cymorth Cymru