GDPR |
||
Policy Statement General Data Protection Regulations Policy On the 25th May 2018 the General Data Protection Regulation will come into effect and become law which will impact all businesses including the Early Years sector. As childminders we must be complaint with all new legislation that comes into force and we must meet the new requirements. It is a European law and includes the UK; this will remain in place even once we leave the EU. The GDPR has been brought in to reflect more modern times including the electronic process we use to collect and store data. It is also to give individuals greater control over their own personal data. However it is not just for those who use modern technology, the law affects any business which uses a highly structured filing system –in short any setting who needs to process and store away personal data as part of their responsibilities. Personal data includes any data which can identify a person including but not limited to; names, addresses, invoices, date of birth and email addresses. GDPR uses two terms, the controller and the processor. The controller determines the purpose and the means of personal data. The processor processes data on behalf of the controller. As childminders we will always be one or both of these. The GDPR Principles are as follows:
Lawfulness of Processing Data
Consent All consent to collect or store data must be freely given.It should be unambiguous. Consent can be withdrawn at any time. Consent must now be freely given so pre ticked boxes will no longer be used; in short people must now be able to opt in rather than opt out. As childminders we are already bound by the regulations set by the Information Commissioner’s Office (ICO) and pay our yearly fee to ensure all our data is protected by the laws of the country. Retention Periods This remains unaffected by the GDPR, and we must continue to store personal data for the specified length of time. We only hold what is absolutely by law required to keep, if we have other information you as the parents have the right to request it or request for it to be destroyed. Retention periods change so please get in touch if you would like to know what the current regulations are regarding retention of personal data. We also must ensure we keep up to date with the latest retention regulations. Any Data we collect must fall into one of the 6 Lawfulness of Processing Data categories. If it does not we can ask you for explicit consent, which you can withdraw from at any time. Of course there will be some Acts which we must adhere to over and above GDPR; one example of this is the Children’s Act. Data Breaches We will be obligated to notify the ICO of a data breach within 72 hours of becoming aware of the breach. We understand the huge fines in place for failing to follow correct procedures for a breach in data. Please see separate Privacy Notice
| ||