What is GDPR?
GDPR stands for the General Data Protection Regulation.
In very simple terms, the General Data Protection Regulation can be likened to an up-to-date version of the Data Protection Act.
When the first data protection laws were introduced in 1998, Google didn’t even exist. The GDPR recognises that our world – and the way our personal data is processed – has changed significantly in the last two decades.
As a childcare provider, we handle a lot of sensitive personal data about children, families and staff members. This data needs to be processed safely and kept secure, to stop it falling into the wrong hands or being used for a purpose other than what it was intended for.
What is the GDPR aiming to achieve?
The GDPR was created to strengthen data protection for people within the EU. It aims to give individuals more control over their personal data and make it easier for them to access.
In an early years setting, it falls to a person with parental responsibility to provide consent for processing personal data relating to a child. Regardless of who provides consent, the information we store and process about children and their families still needs to be adequately safeguarded.
The new rules introduced by the GDPR are “designed to make sure that people’s personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.”
When will these rules be introduced?
The new rules were approved by the European Parliament in 2016 and came into effect from the 25th May 2018.
Who does this affect?
The GDPR will affect organisations carrying out ‘data processing’ of personal data. The term ‘processing’ covers holding or storing data, giving it to somebody or receiving it.
St Leonard's C of E Primary School already complied with the Data Protection Act 1998, so were already well on the way to being ready for the GDPR.