How does the GDPR affect nurseries?

The Basics

The GDPR (General Data Protection Regulation) is a regulation which covers the management and control of personal information. Despite being a European regulation, Britain’s plans to leave the EU will not affect compliance with it.

Personal data is classed as any data that can be linked to a single individual and can be used to identify them. Examples of personal data include an individual’s name, email address, postal address, telephone numbers, bank accounts and photos. It even includes data which by itself doesn’t identify someone but could when combined with other data.

Does it include children’s data?

Yes, it does! Nurseries should engage with parents/guardians of their children and build up trust and loyalty. Let them know what measures you are putting in place and that you are ahead of the game when it comes to keeping their children’s data safe.

GDPR in nurseries

Although consent is arguably the most important part of the GDPR, as a nursery you have other legal obligations that require you to collect, process and store personal data.

In order to comply with regulatory frameworks and inspectorates across the UK, there is a large amount of data that you must hold and maintain. These legal obligations override certain aspects of the GDPR and therefore you do not need consent to collect certain data from parents or children.

However, any data you hold which doesn’t relate to another legal obligation will (probably) require parental consent.

Do all staff need to know about the GDPR?

It’s important that all of your staff can answer parents’ queries about how their data will be used and stored. You need to make sure your staff are clear about the benefits the GDPR will give and also your legal obligations regarding safeguarding their children’s data.

Online GDPR Training

We offer an Online GDPR Essentials Training course AND an Online GDPR Training course for managers to help you understand how the GDPR will affect your organisation.

Both courses are available to try for free! Each course only takes around 40 minutes to complete and will run you through the topics you need to know about the regulations in order to work towards GDPR compliance.