The following information comes from the UK government document ‘Working Together To Safeguard Children’.…
Sharing information enables practitioners and agencies to identify and provide appropriate services
that safeguard and promote the welfare of children. Below are common myths that may hinder
effective information sharing.
Data protection legislation is a barrier to sharing information
No – the Data Protection Act 2018 and GDPR do not prohibit the collection and sharing of personal
information, but rather provide a framework to ensure that personal information is shared appropriately. In particular, the Data Protection Act 2018 balances the rights of the information subject (the individual whom the information is about) and the possible need to share information about them.
Consent is needed to share personal information
No – you do not need consent to share personal information. It is one way to comply with the data protection legislation but not the only way. The GDPR provides a number of bases for sharing personal information. It is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child provided that there is a lawful basis to process any personal information required. The legal bases that may be appropriate for sharing data in these circumstances could be ‘legal obligation’, or ‘public task’ which includes the performance of a task in the public interest or the exercise of official authority. Each of the lawful bases under GDPR has different requirements.15 It continues to be good practice to ensure transparency and to inform parent/ carers that you are sharing information for these purposes and seek to work cooperatively with them.
Personal information collected by one organisation/agency cannot be disclosed to another
No – this is not the case, unless the information is to be used for a purpose incompatible with the purpose for which it was originally collected. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law would be a barrier to sharing personal information with other practitioners.
The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information
No – this is not the case. In addition to the Data Protection Act 2018 and GDPR, practitioners need to balance the common law duty of confidence and the Human Rights Act 1998 against the effect on individuals or others of not sharing the information.
IT Systems are often a barrier to effective information sharing
No – IT systems, [such as ECINS], can be useful for information sharing. IT systems are most valuable when practitioners use the shared data to make more informed decisions about how to support and safeguard a child.
The Data Protection Act 2018 and UK GDPR do not prevent the sharing of information for the purposes of keeping children safe. Fears about sharing information must not be allowed to stand in the way of the need to safeguard and promote the welfare and protect the safety of children.
Further details on information sharing can be found:
Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers. The Information Commissioner’s Office (ICO), which includes ICOUK GDPR FAQs and guidance from the department
Data protection: toolkit for schools – Guidance to support schools with data protection activity, including compliance with the UK GDPR.