Please enter a search term

Useful pages

Home Page About fostering Membership Get involved
Home About fostering Being a foster carer Relationship with your fostering service

Data protection act 2018

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

The Data Protection Act 2018 (DPA 2018) provides a legal framework for all data protection in the UK and has introduced new requirements for how organisations process personal data, as well as expanding the rights of individuals to control how their personal information is collected and processed.  

Fostering services across the UK must comply with this legislation, to be more accountable for data protection and consider issues of data compliance. Everyone responsible for accessing and using data within the fostering system (dependent on your role and responsibilities) must follow strict rules called ‘data protection principles’.

 

Principles of data protection

The following principles should apply in terms of data protection: 

  • Public authorities and fostering services are responsible for what and how they process, record and store personal data.   
  • Fostering services have a legal responsibility to ensure that all data they obtain is accurate, relevant, up to date, and that it is securely stored for no longer than it is necessary, or in accordance with record retention policies as stipulated by relevant legislation. 
  • Data protection policies must adhere to individual rights in terms of deleting and sharing data, gaining and managing consent and provision to access data held about an individual in accordance with regulations and set timescales. 
  • Services must adhere to upholding children’s rights and ensure specific protection for this group.
  • Public authorities and fostering agencies will need to appoint a Data Protection Officer. 
  • Public authorities and fostering services have a responsibility to notify the Information Commissioners Office (ICO) to report a breach, as well as individuals where high risk instances will impact on individual rights. 

 

Personal and confidential references

When undertaking assessments of prospective foster carers, fostering services are required to obtain a range of information about applicants from a variety of sources. This will inform their recommendation about the applicant’s suitability to foster. 

Personal references are just part of the information required to inform an assessment, along with other checks and references. In the fostering context, personal references are a statutory requirement in the process of assessing an applicant’s suitability to foster. The legislation across the UK provides the legal basis for the duty of fostering service providers to:  

  • ascertain the suitability of a prospective foster carer, 
  • interview at least two people to provide personal references, and 
  • provide written reports of the interviews. 

In data protection law, the Data Protection Act 2018 notes that there is a requirement to clarify the difference between a personal reference and a confidential reference.  

 

Practice information note for members

Our practice information note for members provides some further information to: 

  • clarify the difference in data protection law between a personal reference and a confidential reference
  • outline the implications of this for fostering services when undertaking fostering assessments
  • make recommendations regarding policy and practice in relation to obtaining personal references during fostering assessments and highlight the responsibilities of fostering services when managing references obtained as part of a fostering assessment. 
Download the practice information note

About us

Our locations

Terms and conditions Privacy Statement Making a complaint about The Fostering Network

Website and contents copyright © The Fostering Network 2025 – Registered in England and Wales as a limited company no. 1507277 – Registered charity in England and Wales 280852 and in Scotland SC039338

Go up