Some of our services have changed. Please see our services update page for more details

Recording violent or aggressive incidents

How to report all types of abusive behaviour

In some sectors or organisations reporting can be seen as unnecessary or stigmatising. For this reason, it is important to ensure that managers and employees understand why reporting of all types of abusive behaviour is necessary.

  1. Why you need to record violent or aggressive incidents
  2. Reporting violent or aggressive incidents to the police
  3. Sharing personal information with other organisations

3. Sharing personal information with other organisations

Every organisation has a legal responsibility to ensure that their risk assessments are suitable and sufficient. To identify significant risks you need to have all the relevant information available.

When you need to share information between organisations, you need to make sure that you adhere to General Data Protection Regulation (GDPR) guidance.

The General Data Protection Regulation and the Data Protection Act 2018 set the rules and basis for data management.

  • It is legal to share information if the purpose is to protect the health and safety of employees.
  • It is necessary for organisations to have arrangements in place to ensure that this is done only when necessary, and adheres to GDPR guidance.
  • It is important that the information kept is accurate and fair.

Prior to sharing information, the organisation holding it must consider carefully how any recipient organisation or department is going to use it, and what the effect on people is likely to be. Your policy needs to be very explicit about this. It is good practice to get a data sharing agreement with the recipient organisation.

You can find more information about sharing information on the Information Commissioner’s Office website.

Processing data

Article 6 of the GDPR explains when you are able to share information with other organisations. You need to have a clear case to allow you to do this, and it’s very important that you keep a record of your decision and the reasons behind it.

You need to be able to demonstrate that you have a lawful reason to share information under

  • consent – the individual gave  you permission
  • contract – you have a contract with the individual and the processing of data is necessary
  • legal obligation – you share data to comply with legislation 
  • vital interest – you share data to save someone’s life
  • public task – you do this to complete a task in the public interest
  • legitimate interest – you can process data in your legitimate interest, however this can’t override a duty that you may have to protect people’s data.

You can use a questionnaire from the Information Commission’s office (ICO) to help you decide if you have a legal reason to process information.

Go to the questionnaire on the Information Commission’s office website