We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Impact assessment

Care Home Services (Visits to and by Care Home Residents) (Scotland) Regulations 2026: data protection impact assessment

Published
21 January 2026
From
Minister for Social Care and Mental Wellbeing
Directorate
Social Care and National Care Service Development
Topic
Health and social care
ISBN
9781806436156

Data protection impact assessment undertaken to consider the impacts on personal information as a result of The Care Home Services (Visits to and by Care Home Residents) (Scotland) Regulations 2026.

View supporting documents Supporting documents

5. General Data Protection Regulation Principles

5.1 Principle (a): Lawfulness, fairness and transparency

Compliant: Yes

Description of how you have complied:

The legal basis for processing the data is The Care Reform (Scotland) Act 2025.

The Code of Practice will require care home providers to explain to Essential Care Supporters why data is being collected, the lawful basis for processing, how it will be used and how long it will be retained.

No adverse impacts on the data subjects have been identified.

5.2 Principle (b): Purpose limitation

Compliant: Yes

Description of how you have complied:

The personal data will be collected for the sole purpose of recording the Essential Care Supporter. The purpose will be clearly explained to people.

5.3 Principle (c): Data minimisation

Compliant: Yes

Description of how you have complied:

We anticipate that, as the Essential Care Supporter’s details are very likely to be already held by the care home provider, collection of additional personal data may be minimal in the majority of cases. Although the precise criteria is still to be finalised, the code of practice will advise care homes only to collect essential details such as name, address, contact details and relationship to the resident.

5.4 Principle (d): Accuracy

Compliant: Yes

Description of how you have complied:

The legislation requires care home providers to “maintain” a record of Essential Care Supporters. The Code of Practice will provide more detail on the need to ensure initial accuracy of data and the importance of keeping data up to date.

5.5 Principle (e): Storage limitation

Compliant: Yes

Description of how you have complied:

There is a legal obligation on care home providers to keep and maintain details of the Essential Care Supporter. However, the information will only be kept for as long as the resident remains a resident of the care home. In cases where a resident moves from one care home to another, existing practices will be undertaken to ensure secure portability of information.

5.6 Principle (f): Integrity and confidentiality

Compliant: Yes

Description of how you have complied:

As data controllers Care homes already gather personal information about visitors and are subject to requirements around safeguards for storing and processing it. The Care Inspectorate provides guidance for adult services on record keeping.

5.7 Principle (g): Accountability

Compliant: Yes

Description of how you have complied:

Care home providers will be required to act in accordance with the code of practice that will be issued by the Scottish Government.

Contact

Email: myhealthmycaremyhome@gov.scot

Back to top