Re-engage supports some of the most vulnerable people in society who may be inherently prone to many forms of abuse and fraud. This is one of the reasons that we take great care when we recruit volunteers and group coordinators.
As part of our efforts to make sure that our older people are safe and sound, we need to ensure that we won’t expose their personal information to people who would use it for purposes which are not consistent with our aims, let alone criminals who would use it to attempt fraud against our older people.
If you are a group coordinator, you’re a data processor under the GDPR, and have a responsibility to ensure that the information that you collect on older people and volunteers is handled in accordance with the charity’s aims (which we believe provide both you and Re-engage with a legitimate interest to process the information).
There is also an obligation on you and us to ensure that the information remains secure, which we will support you with by providing advice on appropriate systems and processes that you can use in your role.
All information must be kept secure and only be used within the scope and terms of the GDPR. Our Data Protection Officer provides guidance and assistance on the GDPR and we can provide you with further information and resources should you wish.
Keeping personal information safe and using it with care
If you’re a group coordinator (GC) or an area organiser (AO) for Re-engage, part of your role is to hold personal information of older people and volunteers in your group. This will include:
-
full names
-
contact details
-
some health-related information
-
emergency contact/next of kin details for the older people.
This information is essential to you being able to carry out your role with us. As it’s part of your role, we as a charity are responsible for how you store and use the information. This is precious, private information that belongs to the volunteers and older people and it’s our duty to make sure that we are keeping it safe and secure at all times.
In order to ensure the security and confidentiality of personal data, any such data received by, or otherwise created on behalf of, Re-engage must only be collected and processed for our stated charitable purposes, and in compliance with the material provisions of the GDPR and the Data Protection Act 2018.
Keeping us up to date
If someone’s contact details change, or someone leaves your group please let us know as soon as reasonably practicable.
Please ensure that any volunteers leaving your group destroy information they hold on everyone in their group. They must, by law, destroy any personal data from their computer, phone, tablet, or any other place in which it is stored.
Please send details to knowledge@reengage.org.uk if a volunteer or older person leaves your group, or their contact details change, so that we can update our records.
We need to have up to date information on everyone in your group so please do make sure you let us know of any changes so that we can put the right processes in place.
Here are some FAQs about storing information and your role in keeping everyone safe and legal. Do let us know if you have any questions, comments, or suggestions that will help to improve this page.
How can I store information securely?
The safest way to keep documents with full information on them is:
• In electronic format on a password protected device (laptop, phone, iPad etc)
-
The document should be password protected
-
You should avoid printing information. If you do need to make printed copies you should take steps to remove information that would make anyone identifiable.
-
Remove references to Re-engage or people being older or alone.
-
Remove surnames or use initials.
-
Never print or carry around full application forms.
-
Shred any printed information when you no longer need it.
What do I do when details change, or people leave?
When any details change please let us know as soon as you can so that we have up to date information stored centrally. You can do this by emailing knowledge@reengage.org.uk. If someone leaves your group you must destroy their contact and personal details and delete any information you have on them straight away. This includes:
• updating any electronic lists you have on the group
• deleting their application form or any attachment with their application form or personal information from your devices
• disposing of paper copies in confidential waste, a shredder or with scissors
How should I send or share information?
You should send and receive applications, personal details, and group reports securely by email.
Please delete previous copies of group reports.
Do not keep multiple copies of the same information and ensure any extra copies are deleted and the master copy is saved on a password protected device.
When should I contact next of kin?
When we contact anyone, we must first consider the reason for which we have collected their data. Re-engage collects emergency contact information for use in case of emergency such as if an older person or volunteer is taken sick. This means that it is not appropriate to contact the next of kin in any other situation. If you have a safeguarding concern, then you should follow our safeguarding guidelines. Our designated safeguarding lead will work with you to decide who needs to be contacted.
What if I have personal/health related information?
On occasion, an older person or relative of an older person will tell you and/or a Re-engage staff member health related information about themselves. This information can be vital to the safety of the older person and may need to be passed to other volunteers in a tea party/social gathering group or a member of staff if new information comes to light on a phone call. When recording this information about the person in question, please make sure they are aware this information may be shared with other volunteers in the tea party/social activity or a Re-engage staff member.
Can my group use WhatsApp groups to share information?
We understand that many groups communicate with each other over WhatsApp. This is a great way to stay up to date, but we ask that you do not share any older person’s or volunteer’s personal or contact details on this platform. Please read ‘GDPR: who needs what information and who doesn’t’ below to find out why.
Can I pass on older people’s details to other organisations that can help them?
The personal contact details of volunteers and older people that you keep should only be used for the purposes of Re-engage. Please do not pass this information on to any third-party organisations/person. If an older person shows an interest in being referred to/joining another organisation’s activities or services, please pass the older person the details of the organisation so that they can make contact themselves.
Who needs what information and who doesn’t?
All volunteers and older people sign an application form when they join us confirming that they understand that certain information will be shared with other people. It is critical that this personal data is only shared with the right people. The amount of data shared with you will be defined by your role and explained to you as part of the onboarding process.
What do I do if personal information goes missing?
We hope these guidelines will help us all keep personal information as safe as possible. In the event of a known breach of the GDPR, the GC must report the matter to the CEO of Re-engage. There are times when we, as a charity have to report issues to authorities such as the Charity Commission or the Information Commissioner’s Office. Our CEO will ensure that steps are taken to recover any lost data, to assess the potential adverse consequences, limit any damage, and (if appropriate) to notify the supervisory authority, unless satisfied that the breach is unlikely to result in a risk to the rights and freedoms of natural persons. Notification must be in accordance with Article 33 of the GDPR.
You can contact the CEO via knowledge@reengage.org.uk or calling 020 7240 0630.