Jump to content
Home
Forum
Articles
About Us
Tapestry
This is the EYFS Staging Site ×

My GDPR 'To Do' list


FSFRebecca

Recommended Posts

1 hour ago, Mouseketeer said:

What did they think was optional? The whole GDPR? The having a nominated official data protection officer is optional for smaller businesses - see 11/12 here

Link to comment
Share on other sites

With 3 wks to go how is everyone’s prep going? 

I’m on the policy now, I’ve seen a couple of examples but no way is mine going to be that long ! 1 A4 side or 2 at a push or maybe font 6 ;-), I haven’t started on agreements yet, not really sure where to start with those, does anyone have any useful links to websites (I don’t have the PSLA policies etc so can’t look there).

Link to comment
Share on other sites

We (my setting, not FSF!!)

  • Have completed audit
  • Written to all 3rd parties - (one remains decidedly questionable)
  • Re written enrolment form
  • Written to all parents re new enrolment form/ financial terms and conditions / privacy notice - in process of getting consent/contracts signed
  • Written to all staff re data held and issued new privacy notice
  • Audited all procedures re data on display in setting and made necessary adjustments
  • Staff training completed 1 = intro to GDPR and 'what is it?', 2 = 'How does it affect you?'
  • Staff training to do = changes to policies and working procedures
  • Stripped all setting laptops of data and moved to usb storage which is locked away and requires management permission to access
  • Changed all passwords and security info on websites, emails etc
  • Still to do, policy update - saving this til last as we keep coming up with new things we need to do differently

Anything I've missed? O.o

Link to comment
Share on other sites

9 hours ago, Mouseketeer said:

With 3 wks to go how is everyone’s prep going? 

I’m on the policy now, I’ve seen a couple of examples but no way is mine going to be that long ! 1 A4 side or 2 at a push or maybe font 6 ;-), I haven’t started on agreements yet, not really sure where to start with those, does anyone have any useful links to websites (I don’t have the PSLA policies etc so can’t look there).

Mousie - do you mean 'Privacy notices' for Parents or something else?

(I might be able to help)

  • Thanks 1
Link to comment
Share on other sites

5 hours ago, Rebecca said:

We (my setting, not FSF!!)

  • Have completed audit
  • Written to all 3rd parties - (one remains decidedly questionable)
  • Re written enrolment form
  • Written to all parents re new enrolment form/ financial terms and conditions / privacy notice - in process of getting consent/contracts signed
  • Written to all staff re data held and issued new privacy notice
  • Audited all procedures re data on display in setting and made necessary adjustments
  • Staff training completed 1 = intro to GDPR and 'what is it?', 2 = 'How does it affect you?'
  • Staff training to do = changes to policies and working procedures
  • Stripped all setting laptops of data and moved to usb storage which is locked away and requires management permission to access
  • Changed all passwords and security info on websites, emails etc
  • Still to do, policy update - saving this til last as we keep coming up with new things we need to do differently

Anything I've missed? O.o

I think you should go and have a lie down in a darkened room now

  • Confused 1
Link to comment
Share on other sites

12 hours ago, Mouseketeer said:

With 3 wks to go how is everyone’s prep going? 

I’m on the policy now, I’ve seen a couple of examples but no way is mine going to be that long ! 1 A4 side or 2 at a push or maybe font 6 ;-), I haven’t started on agreements yet, not really sure where to start with those, does anyone have any useful links to websites (I don’t have the PSLA policies etc so can’t look there).

Well, so far we have:

  • Completed audit
  • Updated Privacy Notices for parents/staff and our Committee Members
  • Completed staff training (along same lines as Rebecca, although we've also discussed policy/procedure changes)
  • Started to clear our laptops of old data
  • Password protected everything!!
  • Taken off saved password settings.

It has been a lot of work and we still have more to do...

  • Update our registration form (only going to ask those staying on with us if they want to fill in new form now. Thought we would get them to do this in Sept when we usually update/check all info)
  • Send out all the updated Privacy Notices
  • Issue updated policies and procedures
  • Contact third parties (doing this last as  I'm hoping they will contact us first...) to check GDPR compliant
  • Sharing Agreements - hoping for some inspiration as not really sure what to put in...will have to do some research.
  • Review our website privacy notice/cookie policy and get a SSL certificate.

We were not going to write a Data Protection policy as everything is covered by our already extensive policies such as ICT, Tapestry, Confidentiality... (we have so many now!) and our Privacy Notice.

  • Like 1
Link to comment
Share on other sites

Good work Rebecca and Hamantha

completed:

  • Audit - workforce, committee, chn, parents, others
  • Impact assessment
  • privacy notices - for all as audit
  • covering letters and agreements/consent - all except chn
  • childrens permission/consent form - use of names, photos, sun cream, walks (all separate yes/no)
  • Registration form updated
  • Booking request form updated
  • Training + cascade to staff
  • Tapestry parent agreement
  • Read to pg 26 of Tapestry contract (promise to finish and sign ASAP) 
  • password changes
  • Policy updated (1 A4 side 9_9

to do:

  • sharing agreements (also unsure about what these should have in them and what to do with them)
  • add a paragraph to prospectus
  • Also hoping for 3rd parties to send me evidence of their compliancy .....it’s not happening yet :-/ 
  • delete all files from pc & lap top that isn’t really needed 
  • ALL the techy stuff  😭 

 

Edited by Mouseketeer
  • Like 1
Link to comment
Share on other sites

So far I have done:

Excel data audit

Drafted new enrollment form

Drafted privacy notice and letter for parents

Drafted privacy notice and letter for staff

Passed this all to the manager to read/review and then I'll do a final version to send out before half term. If I left it to her I'd still be chasing in September!

Still to do

Get Manager to do GDPR Training

Contact 3rd parties

Update our main data protection and confidentiality policy and other policies that have GDPR reference.

 

Any wonder I'm thinking enough is enough this year, even though DD has a year left! 

 

 

  • Like 1
Link to comment
Share on other sites

C1403 ...I’ll be looking for a new chair shortly and would be happy to have you ;-), I’m not sure if it was needed as the committee are the controllers really but I also did a Committee letter/consent form and privacy notice separate to the parent one as more of their information is shared eg. Names on the notice board,  newsletters,  minutes, all have each other’s email addresses (officer numbers also) - consent, their details are shared with Ofsted, LA and Charity commission (legal obligation).

Stargrower...ifyou are a PSLA member do theirs it was only £7 and took no time at all, only 10 questions, which you’ll already know from here and there is a guidance module you can then share with other staff

  • Like 1
Link to comment
Share on other sites

I think my last task is to come up with a 'data sharing' agreement, I'm sat here staring at the the ICO checklist for sharing but not getting a lot of inspiration, all the templates I've found look very wordy (scary), has anyone come up with a suitable one for the types of sharing we do e.g sen reports, shared setting progress, school transitions etc? thanks :-)

Link to comment
Share on other sites

21 hours ago, Tcha said:

I'm now trying to put together staff and parent privacy notice - I have had a look at some online but I was wondering if anyone has a template for these at all please, or know where I can find both staff and parent notices please. Thank you

Have you looked at the resources we have been posting? You can download them for your own use. I have taken the parent privacy notice down at the moment, but it'll be back up later :)

Link to comment
Share on other sites

On ‎03‎/‎04‎/‎2018 at 16:14, Rebecca said:

An encryption key is a little usb thingy that you can use to provide an additional level of security on your computers. We have them here at FSF. Basically they are set so that your computer won't start without the usb in. Then if someone steals the PC they can't get to your data, even if they know your password - the pc just won't start. Once you have started your pc you lock the usb away in a different place to the pc (in the safe?). I'll ask one of the FSF tech genies to put a 'how to' guide up here. I think the usbs themselves cost about £7 each. 

Hello 

Please how can we buy the encryption key. Thanks

  • Like 1
Link to comment
Share on other sites

Hi bluebirds, welcome to the forum, that’s a good question, I have been looking at them on a well known auction site,  but no idea which I should get, prices vary greatly so any ‘reasonable’ priced recommendations would be good...and is it a different one for each device? (pc and lap top).

 

Link to comment
Share on other sites

I am still working on the 'agreements', I'm planning on a separate for each processor we share with now, do you think this from the framework is good enough reason to legal Obligation for school transitions? 

3.68.Providers must maintain records and obtain and share information (with parents and carers, other professionals working with the child, the police, social services and Ofsted or the childminder agency with which they are registered, as appropriate) to ensure the safe and efficient management of the setting, and to help ensure the needs of all children are met.Providers must enable a regular two-way flow of information with parents and/or carers, and between providers, if a child is attending more than one setting. If requested, providers should incorporate parents’ and/or carers’ comments into children’s records.

Link to comment
Share on other sites

Hi Bluebirds. Any USB drive is fine to use as an encryption key with accompanying encryption software. There are hundreds out there, but you don't need to spend very much at all. I chose one that was as physically small as possible, as I wanted to keep it on my keyring. Also, as I don't store any additional files on the USB drive, I purchased the smallest capacity available. Mouseketeer, dependent on your software, it may be possible to have one usb drive acting as an encryption key for multiple devices, but you could end up continually swapping it between devices. More information from earlier posts:

 

Link to comment
Share on other sites

  • 1 month later...

Hi all,

Just reviewing GDPR and just wondering if a 3rd party provides their Privacy Notice to you, does this count as not having to contact them now as all the information required by you to prove they are complaint is in their Privacy Notice? Or do you still need to ensure you contact each one individually just to ensure you are proving how you are being compliant?

Many thanks.

Link to comment
Share on other sites

1 hour ago, Lioness said:

Hi all,

Just reviewing GDPR and just wondering if a 3rd party provides their Privacy Notice to you, does this count as not having to contact them now as all the information required by you to prove they are complaint is in their Privacy Notice? Or do you still need to ensure you contact each one individually just to ensure you are proving how you are being compliant?

Many thanks.

I would also be really interested to know what others think. I have left third party stuff at the end of my GDPR to do list in the hope that they would all contact me first!

Also, has anyone drawn up data sharing agreements with primary schools? I am thinking in relation to transition reports. 

Thanks!

  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
On 25/06/2018 at 14:27, Lioness said:

Hi all,

Just reviewing GDPR and just wondering if a 3rd party provides their Privacy Notice to you, does this count as not having to contact them now as all the information required by you to prove they are complaint is in their Privacy Notice? Or do you still need to ensure you contact each one individually just to ensure you are proving how you are being compliant?

Many thanks.

Anyone any thoughts on this?

 

Many thanks!

Link to comment
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. (Privacy Policy)