CHW164-National Data Opt-Out Policy
{{org_field_logo}}
{{org_field_name}}
Registration Number: {{org_field_registration_no}}
National Data Opt-Out Policy
1. Purpose
The purpose of this policy is to outline how {{org_field_name}} complies with and implements the National Data Opt-Out initiative, which allows individuals to opt out of having their confidential information used for purposes beyond their individual care. This includes data sharing for research and planning purposes. While the National Data Opt-Out programme is primarily a requirement in England, {{org_field_name}} recognises the importance of applying the same principles of transparency, data ethics, and individual rights within Wales, in accordance with the Data Protection Act 2018, UK GDPR, and the values and regulations set out in the Regulation and Inspection of Social Care (Wales) Act 2016.
We are committed to protecting the rights of individuals using our services, including their right to make informed choices about how their information is used. We ensure that our data sharing practices are ethical, lawful, and transparent, and that people are empowered to control their personal data.
2. Scope
This policy applies to all employees, contractors, volunteers, and agency staff at {{org_field_name}} who have access to personal and confidential information. It applies to all residents using our services, their families or representatives, and to external partners who may receive or request data from us.
3. Related Policies
This policy should be read in conjunction with the following:
- CHW34 – Confidentiality and Data Protection (GDPR) Policy
- CHW13 – Safeguarding Adults from Abuse and Improper Treatment Policy
- CHW42 – Communication and Engagement with Service Users and Families Policy
- CHW04 – Good Governance
- CHW14 – Receiving and Acting on Complaints Policy
4. Policy Details
4.1 Understanding the National Data Opt-Out
The National Data Opt-Out is a mechanism that allows individuals to decide if they want their confidential information to be used for anything beyond their direct care—for example, planning health and social care services or supporting research studies. Although the programme applies directly in England, {{org_field_name}} adheres to the same principles to ensure that residents in Wales are fully informed of their data rights and have the opportunity to exercise control over how their personal information is used.
4.2 Legal and Ethical Framework
{{org_field_name}} operates under the principles of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Human Rights Act 1998. Under these laws, we are required to process personal data fairly, lawfully, and transparently. In line with CIW expectations and Welsh Government data handling principles, we ensure that any sharing of personal data for secondary purposes (not directly related to care and support) is only undertaken with a lawful basis and subject to consent or a clear public interest justification.
4.3 Individual Rights and Informed Choice
All residents and their representatives are made aware of how their personal data is used and their right to opt out of data being used for non-care purposes. This is achieved through:
- Providing an information leaflet about data use and the National Data Opt-Out at the point of admission or during care plan reviews
- Discussing data preferences during initial assessments and reviews
- Including a section in our consent forms regarding data use beyond direct care
- Making clear that opting out will not affect the quality or provision of care they receive
Where a resident lacks mental capacity, we consult with their legal representative or advocate in accordance with the Mental Capacity Act 2005 and CHW39 – Mental Capacity and Deprivation of Liberty Safeguards Policy.
4.4 Managing Opt-Out Preferences
When an individual expresses a wish to opt out of data sharing for non-care purposes, the following steps are taken:
- The opt-out decision is recorded in their care file and flagged on our data management systems
- All relevant staff are notified to ensure compliance with the resident’s wishes
- Any planned external data sharing arrangements are reviewed, and the individual’s data is excluded where applicable
- Consent records are updated and stored securely in line with our GDPR Policy (CHW34)
Residents can change or withdraw their preferences at any time, and staff are trained to facilitate these updates promptly and without judgment.
4.5 Communication and Transparency
Information about data use, privacy rights, and the National Data Opt-Out is displayed clearly in communal areas and included in our service user guide. Staff are expected to be able to explain the policy in simple, jargon-free terms and provide support to residents or family members wishing to make an informed decision.
For residents with additional communication needs, alternative formats such as Easy Read, large print, or translated materials are available. Staff will also provide support through interpreters, advocates, or visual aids where required.
4.6 Staff Responsibilities and Training
All staff receive data protection training as part of induction and ongoing mandatory training. This includes:
- Understanding the lawful basis for data processing under UK GDPR
- Awareness of the National Data Opt-Out and how it applies
- Recognising the difference between direct care and secondary uses of data
- How to record and respect individual preferences
The Data Protection Officer, {{org_field_data_protection_officer_first_name}} {{org_field_data_protection_officer_last_name}}, is responsible for overseeing implementation and compliance with this policy. Staff must escalate any uncertainty about data sharing or opt-out rights to the DPO immediately.
Email: {{org_field_data_protection_officer_email}} | Tel: {{org_field_data_protection_officer_phone}}
4.7 Data Sharing Practices
Any data sharing for planning, service development, or research is strictly assessed through our data governance process. This includes:
- Reviewing the legal basis for the data request
- Ensuring only anonymised or pseudonymised data is shared where possible
- Confirming that opt-out preferences have been applied
- Ensuring data sharing agreements are in place with external partners
We do not share identifiable data for secondary purposes without explicit consent or a clear legal obligation.
4.8 Monitoring and Audit
We regularly audit our data sharing practices and consent records to ensure compliance with this policy. The outcomes are reported to the Registered Manager and included in the Quality of Care Review. Where failures or breaches are identified, immediate remedial action is taken, and where appropriate, CIW and the Information Commissioner’s Office (ICO) are notified.
4.9 Managing Complaints and Concerns
If a resident or family member believes their data has been used inappropriately, they have the right to raise a concern or complaint under CHW14 – Complaints Policy. We will investigate all complaints sensitively and transparently and ensure that any learning is embedded in future practice. If the complainant remains dissatisfied, they are supported to contact the Information Commissioner’s Office or the Public Services Ombudsman for Wales.
5. Policy Review
This policy is reviewed annually or sooner if:
- There are changes to UK data protection legislation or guidance from the Welsh Government or ICO
- Feedback from residents, family members, or staff highlights concerns
- Audits identify areas for improvement
- CIW or external inspections provide recommendations
Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.