With the General Data Protection Regulation (GDPR) implementation fast approaching, Early Years Providers need to ensure they are complaint with the new regulations. All organisations that handle personal data need to apply the Regulation from 25th May 2018.
Whilst Early Years Providers are not classed as large scale providers of data and therefore do not need to appoint a Data Protection Officer, they hold significant amounts of sensitive data and need to ensure they comply with the regulations. Non-compliance can result in fines of up to £500,000 from the Information Commission office and individuals have the right to claim compensation if they are distressed by the misuse of their personal data.
In general, Early Years setting should already be compliant with the majority of the new regulations due to them following Data Protection and Privacy laws. However internal policy and procedures must be reviewed and updated. For example, as highlighted in the link below, statements on consent forms need to be to ensure Parents and Guardians know:
- The setting’s lawful basis for processing their data
- Retention periods
- That individuals have a right to complain to the ICO
For more information to support your setting, access the links below:
Hopscotch can help you navigate through this process if you feel you need support – get in touch today!