GPDR Privacy Agreement


General Data Protection Regulation

Data Protection has been updated in England Cand is now regulated by the General Data Protection Regulation (GDPR).

As a childminder I was previously registered with the Information Commissioner Office (ICO), however, the rules and regulations have been historic for some time and have not kept up to date with technologies such as the internet and mobile phones, iPads etc. It is for this reason that there has been an overhaul of the data protection rules.

The 6 Principles

• Lawfulness, fairness and transparency
• Purpose limitations
• Data adequate- minimalization
• Accuracy
• Retention
• Integrity and confidentiality

8 Rights for individuals under GPDR

1. The right to be informed
2. The right to access
3. The right to rectification
4. The right to erase
5. The right to restrict processing
6. The right to data portability
7. The right to object
8.


legal bases for processing data

1. Consent
2. Contract
3. Legal obligation
4. Vital interests
5. Public tasks
6. Legitimate interests

This means that if requested, I share information with parents about the information I hold about my child, can give a reason why I hold this information and explain how long I hold the information.

Data about children and family information is collected for specified, explicit and legitimate purposes only and it is not further processed in a manner that is not incompatible with those purposes.

Data is adequately relevant and limited to what is necessary about the purpose for which they are processed.

Data is accurate and where necessary kept up-to-date, this means I will ask for regular reviews of personal information.

Information is kept in a form that permits identification of the data subjects for no longer than is necessary.

Information is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing and accidental loss, destruction or damage.


Who is the Data Controller?

As the owner of my business Butterflies Child Minding Services, I am the Data Controller and this means that I am in charge of all data that I collect and I am responsible for keeping all information up to date, relevant and confidential at all times.

What do the changes mean to my child and my Details?


By new GDPR Legislation in May 2018 I am required to inform you of why, where and how I gather and store personal information about your family and your child.

All data held by me is processed fairly, lawfully and in a transparent manner.

The new legislation requires childminders to obtain and where appropriate gain permission from parents to gather, store and share information about their child.

As a childminder setting, I require the following information about your child and your family;

Child's name
The child's Date of birth
Address
Parental responsibility
Parents contact details
Emergency contact details
Drs name and contact details
Any medical details
Religion/faith
Permission forms
Permission to share information
Behaviour incident recording
Injury
Accident
First aid administered
Medical plans
Likes and dislikes
Concerns regarding a child
Details of any other agencies involved for example Health Visitors or social worker
On-going children observations, development milestones and photographic and video evidence

How do I store information where is it stored and for how long?

Paper records

I keep paper records of the register, contracts, permission forms, sharing information with other professionals, sharing information with other settings, accident, injury, first aid records, behaviour records, all about me booklet, passport communication, incidents, physical intervention forms, concerns about a child, risk assessments, starting points/baseline, focussed observations, next steps, quarterly review, learning journeys transition documents, two-year-old checks, behaviour plan, care plan, emergency contacts all of this information is kept in a locked a filing cabinet when I am not working and I am the sole person responsible for the locked cabinet.


Computer Records

I keep quarterly reviews on my computer, two-year-old checks, transition documents, behaviour plans incident reports and care plans my computer is password protected and I have spyware McAfee Live Safe that scans for viruses and has a firewall

Mobile Phone, iWatch, iPad and Macbook Air.

I keep my parent’s names and telephone numbers on my Mobile Phone and this is mirrored on my iWatch and iPad in case of an emergency. I also take photographs on my mobile phone and iPad and as soon as these are added to your child’s learning journey then they are deleted from all parts of the devices. all three devices are password-protected and security-protected



Handbag


I am also required under Ofsted regulations to record your child’s development under EYFS, this includes taking photographs to use in the child's learning journey, Permission will be sought from parents for their own child's picture to be included in other children's learning journeys on the understanding that once that child leaves the photos then become the property of that child's parents and we no longer have responsibility for them. This is because, under the new GDPR legislation, a parent can now withdraw permission for us to store, use or keep any photos or personal information on a child. Any information about accidents or incidents involving a child in our care has to be kept until a child reaches 21 years and 3 months of age and will not be included in the withdrawal of permission as we are required by Ofsted and our insurance to keep this information.
We are now also required to have parental permission in the methods we use to contact you and share information, I store my parents' mobile numbers on my mobile phone and will continue to use this method to contact you unless told otherwise. I use WhatsApp to share photos and information with parents about the child's daily routine and will continue to use this method unless informed otherwise by a parent.
If a parent requires me to delete or destroy any information about their child once they have left the setting I will discuss the information with them and explain which parts can be deleted and which information must be kept to comply with my Ofsted registration and insurance requirements.