Data protection by design
The East Riding pilot includes a governance approach that supports multi-centre roll-out while maintaining clear boundaries. This page summarises the design intent — detailed agreements (DPIA/DPA/DSA) are part of mobilisation.
Separation and access
- Organisation partitioning: centres access their own records only
- Role-based access control for staff and volunteers
- Principle of least privilege: default deny, grant as required
- Administrative controls to prevent accidental crossover
Audit and accountability
- Key actions logged (create/update, messaging sends, exports where applicable)
- Supports safeguarding, complaint handling, and accountability
- Designed to keep logs useful rather than overwhelming
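The two lists above describe a design rather than code. The following is an added example, not code from the East Riding pilot or its supplier, showing one way those properties fit together: every record carries an owning centre, a role-to-permission map is consulted with default deny (an unknown role or missing permission is refused), a request for another centre's record fails the same way as a request for a record that does not exist, and each key action (create, update, message send, export) is written to an audit list whether it was allowed or not. The role names, permissions and sample people are hypothetical.

```python
"""Added example (not the pilot's code): organisation-partitioned records with
default-deny role-based access and an audit trail of key actions.
Role names, permissions and sample data below are hypothetical."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical role -> permission map. Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "centre_admin": {"record:create", "record:read", "record:update", "message:send", "export:run"},
    "centre_staff": {"record:create", "record:read", "record:update", "message:send"},
    "volunteer": {"record:read"},
}


@dataclass(frozen=True)
class User:
    user_id: str
    org: str   # the centre this person belongs to
    role: str


@dataclass
class Record:
    record_id: str
    org: str   # owning centre; this field enforces the partition
    data: dict
    consent_to_contact: bool = False


class Store:
    def __init__(self):
        self.records = {}
        self.audit = []   # append-only list of key actions, allowed or denied

    def _log(self, user, action, record_id, allowed):
        self.audit.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "user": user.user_id, "org": user.org,
            "action": action, "record": record_id, "allowed": allowed,
        })

    def _check(self, user, permission, record_org=None):
        """Default deny: unknown role, missing permission or cross-centre access all fail."""
        allowed = permission in ROLE_PERMISSIONS.get(user.role, set())
        if record_org is not None and record_org != user.org:
            allowed = False
        return allowed

    def _require(self, user, permission, action, record_id, record_org=None):
        allowed = self._check(user, permission, record_org)
        self._log(user, action, record_id, allowed)
        if not allowed:
            raise PermissionError(f"{user.user_id} may not {action} {record_id}")

    def create(self, user, record_id, data, consent_to_contact=False):
        self._require(user, "record:create", "create", record_id)
        # A record is always created in the creating user's own centre.
        self.records[record_id] = Record(record_id, user.org, dict(data), consent_to_contact)
        return self.records[record_id]

    def _get(self, user, record_id, permission, action):
        rec = self.records.get(record_id)
        # A missing record is treated like another centre's record, so the
        # response does not reveal whether the identifier exists elsewhere.
        self._require(user, permission, action, record_id, rec.org if rec else "<none>")
        return rec

    def read(self, user, record_id):
        return self._get(user, record_id, "record:read", "read")

    def update(self, user, record_id, changes):
        rec = self._get(user, record_id, "record:update", "update")
        rec.data.update(changes)
        return rec

    def send_message(self, user, record_id, text):
        rec = self._get(user, record_id, "message:send", "message")
        if not rec.consent_to_contact:
            self._log(user, "message_blocked_no_consent", record_id, False)
            return False
        # Real sending would go to the messaging provider; here it is only logged.
        self._log(user, "message_sent", record_id, True)
        return True

    def export(self, user):
        self._require(user, "export:run", "export", "<all>")
        # Exports are scoped to the caller's own centre.
        return [r for r in self.records.values() if r.org == user.org]
```

The audit list records denied attempts as well as successes, which is what makes it useful for safeguarding and complaint handling: a pattern of cross-centre denials for one user is visible without having to reconstruct it from application logs.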
Consent-led messaging
Messaging features are designed around consent and transparency. Centres can capture consent to contact and keep contact details up to date during normal service interactions.
- Consent flagging and time-stamped records
- Templates and message logging
- Opt-out handling approach (provider dependent)
Regional reporting boundaries
Council reporting is designed as an aggregated/permissioned layer. The pilot defines what is shared, at what granularity, and under which lawful basis.
- Aggregated KPIs rather than individual-level access by default
- Clear definitions and consistent reporting views
- Data Sharing Agreement (DSA) as part of mobilisation
What gets produced during mobilisation
To support council/funder assurance, the pilot mobilisation workstream typically includes: