General Data Protection Regulation, or GDPR will supersede the UK Data Protection Act 1998 and come into force from 25th May 2018.

This Toolkit is bursting with resources and templates to ensure you are ready for the new regulation and help your childcare business to maintain exemplary data protection procedures.

Includes resources to assist with all of the following:

• Data Audit – Data Inventory & Information Asset Registers for children/families (& staff)
• Privacy Information & Procedures – Privacy Notice, Staff Privacy Notice & Retention Policy 
• Data Sharing – Parent and Processor Data Sharing Agreements
  
• Subject Access Requests – Acknowledgement & Response Letter Templates & Subject Access Request Form
• Data Breaches & Privacy Impact Assessments – Data Breach Register, Privacy Impact Assessment Form
• Data Collection & Processing Procedures – Summary flow chart

Data Audit

Complete a comprehensive DATA AUDIT of all of the information that you hold in the form of a DATA INVENTORY and… INFORMATION ASSET REGISTERS for every child (and staff member).

Completing a data inventory will allow you to consider in detail all of the data you collect and process within your care service, why you need this information (the lawful basis for processing), how you record and store data, any persons or organisations this data is shared with, how long it is retained for and how it is deleted / destroyed.

Images show samples from larger documents.

Create a comprehensive record of all the data you hold for each individual child (or staff member). Keeping information asset registers up to date will allow you to see at a glance what data you hold specific to each person, when records were last updated, where information is stored, how long it will be stored for, whether data has been shared with other parties and when certain records are deleted / destroyed. Perfect for checking and locating information quickly should you receive a Subject Access Request (request for information).

Completed editable templates are provided, for children / family data and for staff records if you employ staff or assistants. Blank templates are also provided. Simply edit or add details where necessary to suit your own setting and circumstances.

Privacy Information & Procedures

Provide parents and families with all of the information they require regarding your data processing and retention procedures in the form of a PRIVACY NOTICE and RETENTION POLICY 

and… Inform staff members about the information you collect and process about them in the form of a STAFF PRIVACY NOTICE.

Images show samples from larger documents.

Provided as word documents, you can edit these templates to suit your individual business and circumstances.

Data Sharing

Seek the necessary consent from parents when data is to be shared with other professionals and organisations and clearly explain the purposes of information sharing with a PARENTAL DATA SHARING AGREEMENT. 

and…Outline the conditions of any data sharing arrangements with data processors that handle information on behalf of your business (for example, an accountant) via a PROCESSOR DATA SHARING AGREEMENT.

These forms are provided as PDF Forms, information may be typed into relevant sections before saving, printing or sharing digitally. Please refer to the FAQ page for further assistance regarding the use of PDF forms.

Completed examples included.

Subject Access Requests

Manage and respond to any SUBJECT ACCESS REQUESTS using these letter templates and subject access request form.

Respond immediately to any request for information with an acknowledgement letter, explaining the procedures you follow and include a copy of your Privacy Notice.

Enclose a subject access request form alongside your acknowledgement letter to request identification documents and further details regarding a subject access request.

Following receipt of a completed subject access request form and suitable forms of identification, you can proceed to respond to a request. The subject access request response letter template will help you to respond appropriately depending on the outcome of the request. Simply erase the sections that are not relevant and edit as required.

And…create a record book, keeping copies of any subject access request information, your response and the data that was provided.

The letter templates are provided as word documents and can be edited as required. The Subject Access Request Form and the cover are provided as PDF Forms, information may be typed into relevant sections before saving, printing or sharing digitally. Please refer to the FAQ page for further assistance regarding the use of PDF forms.

Data Breaches & Privacy Impact Assessments

Record and report any DATA BREACH that occurs and complete a PRIVACY IMPACT ASSESSMENT following a data breech or to carefully consider new approaches to data handling procedures in order to minimise the risk of a breach occurring.

Record all the necessary information following a data breach including when it occurred, the type of breach and the data that was exposed, how many individuals were affected, the details of any other data processors involved, and evident when the ICO, the data subjects and anyone else involved has been notified.

Complete an impact assessment following any data breach to assess in detail your procedures for collecting and handling specific records or data assets. Give details of any improvements that could be made to reduce risk and record when actions are completed. Privacy Impact Assessments are also a useful exercise to complete for records containing highly sensitive data or when considering using a new method to collect, process or store information to ensure you have considered and minimised any risks. Completed example included. 

These forms are provided as PDF Forms, information may be typed into relevant sections before saving, printing or sharing digitally. Please refer to the FAQ page for further assistance regarding the use of PDF forms.

Data Collection & Processing Procedures

Use this summary flow chart to ensure everyone involved understands clearly your data collection and processing procedures.

Supplied as a word document, you can edit as required to suit your individual setting procedures.

Also included in this pack…

GDPR Toolkit Guidance Notes – further explanation on how to edit and use the templates.

AND our FREE Guide for Childminders and Childcare Providers which explains in detail the principles and requirements of GDPR from a childcare provider’s perspective.

Further Details

The Data Inventories, Information Asset Registers, Privacy Notice, Staff Privacy Notice, Retention Policy, Subject Access Request Letters and Data Collection & Processing Procedures flow chart are all supplied as Microsoft Word documents and can be edited as required to suit your own setting and circumstances.

All other items including the Data Sharing Agreement Forms, Subject Access Request Form, Data Breach Record, Privacy Impact Assessment and cover sheets are supplied as PDF Forms. You can choose to print them out and complete by hand or use your computer / tablet to enter information before printing or saving / sharing digitally. Please see the FAQ page if you require further assistance using PDF Forms. 

If you require any small alterations to the text within the forms, please contact us as we may be able to assist you. Please contact us with your requirements.

The download version of this pack is supplied as a ZIP FILE. Please see the FAQ page for further information.  

Whilst MindingKids endeavours to keep the information in our products up to date and correct, we make no warranties of any kind. It is the responsibility of each individual childcare provider to ensure that they comply with relevant legislation and requirements.

In addition to the resources provided in this pack, MindingKids also recommends the following new and updated resources to assist with GDPR compliance: 

or…

Why not become a MindingKids member? PAY JUST £30 TODAY for UNLIMITED ACCESS to ALL our OUTSTANDING Resources!

CLICK HERE for full details of our membership packages!