GDPR standards required organisational change to meet New Data Protection Rules. DWICA is aware of the sensitivity regarding confidentiality and to meet the new standard the following points are designed to ensure data is kept safe.


Confidentiality Dos and Don’ts


  • Do safeguard the confidentiality of all person-identifiable or confidential information that you come into contact with.
  • Do clear your desk at the end of each day, keeping all records containing person-identifiable or confidential information in recognised filing and storage places that are locked at times when access is not directly controlled or supervised.
  • Do switch off computers or lock computers and laptops if you leave your desk.
  • Do ensure that you cannot be overheard when discussing confidential matters.
  • Do challenge and verify where necessary the identity of any person who is making a request for person-identifiable or confidential information and ensure they have a need to know.
  • Do share only the minimum information necessary.
  • Do transfer person-identifiable or confidential information securely when necessary i.e. use a email account to send confidential information to another email account or for any external email use 7Zip to encrypt your attachments.
  • Do seek advice if you need to share person-identifiable information without the consent of the identifiable person’s consent, and record the decision and any action taken.
  • Do report any actual or suspected breaches of confidentiality.
  • Do participate in induction, training and awareness raising sessions on confidentiality issues.
  • Do keep records on the DWICA secure computer network or in locked filing cabinets.  All information relating to service users must be stored in locked drawers. This includes notebooks, copies of correspondence and any other sources of information.


  • Don’t share passwords or leave them lying around for others to see.
  • Don’t share information without the consent of the person to which the information relates, unless there are statutory grounds to do so.
  • Don’t use person-identifiable information unless absolutely necessary, anonymise the information where possible.
  • Don’t collect, hold or process more information than you need, and do not keep it for longer than necessary.