Recent changes to data protection laws have forced early years providers to revise how they store and use personal data, or risk hefty fines. GDPR replaced the UK Data Protection Act on 25 May. To prepare, in April, Sunbeams Day Nursery and Pre-School owner Jackie Offer and her nursery manager attended a half-day NDNA session on GDPR in Bristol.
Two trainers introduced the changes, relating them specifically to nurseries. ‘One of the trainers was a nursery owner who gave lots of practical examples of the kind of data you need to keep in early years, and what you do not,’ says Ms Offer.
The training also provided tools, such as a training book, template privacy statement and data audit form. Following the course, Ms Offer and her staff used this to audit their data instead of paying an external company. ‘It was a huge amount of work for us, and it’s still ongoing,’ she says.
The audit revealed the nursery was unnecessarily storing multiple copies of personal data, as well as holding hard copies for longer than needed. ‘We have online management systems, so you don’t need to keep paper copies for so many years,’ Ms Offer says. ‘The course gave us confidence. We were able to have a massive bonfire.’
Ms Offer and her team reviewed the setting’s procedures, and provided training to its 18 staff. One example was to destroy surplus data immediately by buying a shredding machine. They also checked filing cabinets containing personal data were always locked.
Ms Offer says the course also helped staff communicate to parents their responsibilities when managing data; for example, children’s photographs. ‘It was much broader than I imagined,’ she says. ‘It took the scare factor out.’
NDNA has since launched in-house GDPR training that includes a pre-visit review of settings’ data audits and privacy statements, and on-site reviews of current practice.
