Information Sharing

The importance of information sharing

All staff must understand that the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 are not barriers and do not prevent the sharing of information for the purposes of keeping children and young people safe and promoting their welfare.

Staff have a legal and professional duty to share concerns with appropriate professionals if they believe a child is at risk of harm, neglect, exploitation, or in need of support. Timely and proportionate information sharing is essential for effective safeguarding. Where possible, information should be shared with the knowledge and consent of the child (where age-appropriate) and/or their parents or carers. However, if seeking consent would place the child at greater risk or hinder a potential investigation, information must still be shared in line with safeguarding responsibilities.

Staff should follow these key principles:

- The safety and wellbeing of the child must always come first.

- Information shared must be necessary, proportionate, relevant, accurate, timely, and secure.

- Consent should be obtained where appropriate, but is not required if a child is at risk.

- All decisions to share (or not share) information should be clearly recorded, including reasons and who was consulted.

Information may be shared with safeguarding partners such as schools, social workers, local authorities, health services, or the police, depending on the situation. Safeguarding takes priority. Staff should never allow concerns about data protection to prevent them from taking necessary action to protect a child.

Fears about sharing information must not be allowed to stand in the way of the need to safeguard and promote the welfare of children. (KCSIE 2024)

Some myths

• Consent is needed to share personal information No, you do not need consent to share personal information. It is one way to comply with the data protection legislation but not the only way. UK GDPR provides a number of bases for sharing personal information. It is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child provided that there is a lawful basis to process any personal information required.

• Personal information collected by one organisation/agency cannot be disclosed to another No, this is not the case unless the information is to be used for a purpose incompatible with the purpose for which it was originally collected. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law would be a barrier to sharing personal information with other practitioners.

• The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information No, this is not the case. In addition to the Data Protection Act 2018 and GDPR, practitioners need to balance the common law duty of confidence and the Human Rights Act 1998 against the effect on individuals or others of not sharing.