Restrict 1:1 Agency/Outside Carers from Accessing Other Residents' Data not under their care

Can we restrict 1:1 agency carers from accessing the data of other residents not in their care? How? This might be a GDPR issue so I need to do it urgently. Said carers are not employed by MMCG but by the council. Thanks!