The Hub
Data Protection
Data protection aims to protect people’s personal information from misuse by placing controls on organisations and people who handle personal information. Early years settings must comply with the Data Protection Act 2018 and correctly store and record all the personal information that it holds about individuals whether they are an employee, child, parent or member of the public.
Data Protection Act 2018 (DPA)
Data protection aims to protect people’s personal information from misuse by placing controls on organisations and people who handle personal information. The principal piece of legislation is the Data Protection Act 2018 (DPA). As part of this the 2018 Act applies the EU’s GDPR standards and ensured that modern, innovative uses of data can continue while at the same time strengthening the control and protection individuals have over their data.
Registering with the Information Commissioners Office (ICO)
The DPA places a number of obligations on settings when they process personal data.
For example, settings must notify the Information Commissioner about the information it holds and the purpose for holding such information and it must also comply with 8 data protection principles. To check whether you need to register with the Information Commissioner you can go through their quick self assessment tool. Some not-for-profit organisations may be exempt from registering with the Information Commissioner. Please see their website for further information.
Personal data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to countries without adequate protection
General Data Protection Regulation (GDPR)
As of the 25 May 2018, the European Union's GDPR (General Data Protection Regulation) comes into force in the UK. The GDPR will bring in stricter obligations that all employers must follow. GDPR a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union
The ICO (Information Commissioner's Office) has produced a guide to the GDPR, and has developed a number of free tools to help organisations to use. All businesses will be impacted – even a small, one-person business such as a childminding business. PACEY are launching tools to support childminders with this.
WF Traded Services offer a new service to assist you in complying with the requirement to appoint a Data Protection Officer (DPO) and the responsibilities set out in Article 39 of the General Data Protection Regulations (GDPR).
Privacy Notices
When an organisation collects personal information about an individual, it must make that information available to them.
Access Waltham Forest Template privacy notices under the Data Protection Act 2018 (‘the DPA’) and the EU General Data Protection Regulation (GDPR) Article 6 and Article 9 (from 25 May 2018).
You may wish to use this privacy notice to update your existing privacy notice and it is recommended that you amend the notice to suit your local needs and circumstances.
The privacy notice should be given to both staff and parents.
Storing and Protecting Information and Records
The Early Years Foundation Stage statutory guidance places specific requirements on childcare providers in storing and protecting information and records, as well as the need for staff to be aware of their obligations to protect the privacy of children and the legal requirements which underpin this (paragraphs 3.68-3.71). Any provider which retains electronic records and/or digital photographs of the children in their setting must register with the Information Commissioner's Office.
The Early Years Foundation Stage statutory guidance (paragraphs 3.72 and 3.76) states that the following records must be held and in accordance with the DPA:
Information about the child:
- full name;
- date of birth;
- name and address of every parent and/or carer who is known to the provider (and information about any other person who has parental responsibility for the child);
- which parent(s) and/ or carer(s) the child normally lives with; and
- emergency contact details for parents and/or carers.
Information about the provider:
- name, home address and telephone number of the provider and any other person living or employed on the premises (this requirement does not apply to childminders);
- name, home address and telephone number of anyone else who will regularly be in unsupervised contact with the children attending the early years provision;
- a daily record of the names of the children being cared for on the premises, their hours of attendance and the names of each child's key person; and
- their certificate of registration (which must be displayed at the setting and shown to parents and/or carers on request).
Moreover, providers must make the following information available to parents and/or carers (paragraph 3.73):
- how the EYFS is being delivered in the setting, and how parents and/or carers can access more information (for example, via the DfE website);
- the range and type of activities and experiences provided for children, the daily routines of the setting, and how parents and carers can share learning at home;
- how the setting supports children with special educational needs and disabilities;
- food and drinks provided for children;
- details of the provider's policies and procedures (all providers except childminders must make copies available on request) including the procedure to be followed in the event of a parent and/or carer failing to collect a child at the appointed time, or in the event of a child going missing at, or away from, the setting; and
- staffing in the setting; the name of their child’s key person and their role; and a telephone number for parents and/or carers to contact in an emergency.
Protocol regarding Waltham Forest sharing information about childcare providers
The Protocol regarding Waltham Forest sharing information about childcare providers is in relation to The Early Years, Childcare and Business Development Service sharing information about Ofsted registered childcare providers.