GDPR Guidance for Nurseries
Take a look at our 6 tips to help you understand GDPR…
Familiarise yourself with the legislation – it’s not that scary!
The GDPR came into force in May 2018 and much was said about
the impact of it on businesses. In reality, not a huge amount has changed in terms of compliance, providing you were already in compliance with the previous Data Protection legislation. A good resource to start is the ICO website which provides lots of reading templates and some useful starting guides.
Data Protection Impact Assessments are an essential tool for compliance
One of the key changes in GDPR compared to previous data protection legislation is for data controllers to review all existing and new data processing, also known as Data Protection Impact Assessments. These assessments will look at the data processed and assess the impact on the rights of the data subject. This can be a powerful tool in ensuring continued compliance with GDPR.
Keep a record of all personal data you hold
An up to date record of all data processing should be completed by all data controllers. This shows the business (and third parties) that the company is aware of all data processing activities and any controls that are in place to safeguard that data. With this information, you can deal with any requests coming your way from data subjects.
Respond to requests promptly
Another change in legislation is the rules around responses
to data subjects around their information, commonly known as Subject Access Requests. A lot of businesses are unaware that there is a time limit of one month from acknowledgement before falling foul of GDPR (although this can be extended in certain circumstances).
Appoint a Data Protection Officer
A Data Protection Officer is a senior person that sits around board level and his / her responsibility is to ‘champion the data subject’. In other words, the DPO fights for the rights of the data subject. GDPR states that businesses who process special category data (which you probably will!) are highly recommended on appointing a DPO. This doesn’t need to be a staff member but they should hold enough seniority and be knowledgeable about data protection legislation.
Fines for non-compliance
The big talking point for when GDPR came into effect was the new fine system for non-compliance. The Data Protection Act previously specified a £500,000 maximum fine. The new legislation can fine a maximum of 4% of global revenue. If we assume that a certain social media company was guilty of non-compliance and got the maximum fine limit, this could total over £600 million!
Find out more info about GDPR in our updated eBook…
OR share this with friends and colleagues by downloading this pdf