Care home providers failing to protect personal data face tougher fines of potentially of up to millions of pounds under a new EU regulation next year.

Under the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018 replacing Data Protection Act (DPA), care home providers face fines of up to €20m (£18m), or 4% of turnover.

The warning yesterday came from Andrew Coles, Product Manager at software solutions provider, Person Centred Software, during Care Show 2017.

Story continues below

Andrew said the changes were not designed to stop people sharing data but to protect people’s privacy and to ensure data controllers such as care home providers use data fairly and lawfully.

Under the changes, providers can be fined up to €20m, or 4% of turnover, if they fail to notify the Information Commissioner’s Office (ICO) of a data breach within 72 hours.

A further potential fine of up to €10m, or 2% of turnover, can be imposed for non compliance with the GDPR.

Andrew urged care home providers to review and document all data in preparation for the new regulation, as well as understand the legal grounds for holding it and review their systems in order to minimise the risk of a potential data breach.

PCS offers a number of services to help providers comply with the regulations, including a tool to identify data which breaches retention limits and support in helping to identify the right data partners.

To find out more about PCS’s support services, including a white paper released last month, visit

To learn more about the GDPR, visit

Tags : finesInnovationPerson Centred SoftwareRegulation

The author Lee Peart

Leave a Response