Four letters that should mean a great deal to every Childminder and Nursery!
Running a nursery means juggling a whole load of skills beyond helping children to grow. You have payroll, HMRC, funding and invoicing to deal with, so you would be forgiven for letting four very important letters pass you by.
GDPR stands for General Data Protection Regulation. It’s a new law that will come into force on the 25th May and replaces the Data Protection Act.
So why should I be worried?
Well, the big press story is that, for a breach, the maximum fine you can be hit with is 4% of revenue or £17 million, whichever is higher!
The ICO (the Information Commissioner’s Office) is responsible for upholding the law in the UK, and it has made it clear that as long as companies are making ‘best efforts’ to be compliant, it won’t be hurting small businesses with massive fines. But if you have made no attempt to comply and you have a data loss, be ready for a big fine!
So what do the new rules mean?
The law applies to any company that collects or processes data on individuals from the EU. As most companies hold data on individuals (their employees and customers), the law will apply to them. The key aspects are:
- You should not hold data on an individual without their knowledge & consent
- An individual can request to see the information you hold on them
- An individual can request you delete data you hold about them – and you must delete it unless legally you have a requirement to retain that information e.g. Invoices for accounting
- Any data you hold on an individual must be secure and managed appropriately
Am I a Data Controller, or Processor? Or both?
As a nursery or childminder you are almost certainly a Data Controller. This has some implications for the rules you must follow. You should also nominate a member of your team to be your data protection officer.
It’s not just digital – But..
A lot of companies have mistakenly assumed that GDPR only applies to digital data, but it actually applies to all data. So if, for example, you have parents’ names and phone numbers on a piece of paper, that is data that GDPR will apply to. The same goes for your employees’ details, child data like their paper learning journals, and any marketing information for prospective customers.
Most of us are already doing what is needed for GDPR: keeping confidential information in locked cabinets or using password protection on our computers. However, the key thing for GDPR compliance is that you write down your policy, so you can show you have made a considered attempt at compliance.
Get an ICO Registration
The very first thing you should do is register with the ICO at www.ico.org.uk. If you use anything digital to record data, such as a PC, digital camera, CCTV or tablet, you should already be registered. It currently costs £35 per year, and you will have to answer a few questions before you are approved. They are all straightforward, and in answering them you clear the first hurdle in being GDPR compliant.
Ask your suppliers if they are ready
If you are using companies like iCapture then you should ask them if they are going to be compliant. We have additional duties as a data processor to keep the information you place on our systems safe and secure. We have been working on this for a long time and I am happy to say we are compliant.
But you should also ask your email provider, accounts software and any administration tools if they are GDPR compliant.
There is so much to do!
We have spent a lot of time on GDPR, but for a childminder or nursery the task is a lot less stressful, so don’t panic. We are running a series of blog posts and webinars to talk you through the basics, so by the 25th May you will have nothing to worry about.