What data security and protection roles should care providers have?

All care services should assign responsibility for data security and protection to someone in their organisation. We have called this person a Data Security and Protection Lead – but it may also be known as an Information Governance (IG) Lead or Data Protection Champion.

You must have someone performing this role in order to complete the Data Security and Protection Toolkit.

Care services that are owned by a local authority or the NHS, or large groups who process high volumes of care records, are required to have a Data Protection Officer.

It is not mandatory for social care providers to have a Caldicott Guardian, but you may choose to have one in place.

Read our short guide to roles and responsibilities.

Back to FAQs