Jump to content
Home
Forum
Join Us
What's New
Articles
Resources
About Us
Tapestry
enuffsenuf

GDPR General Data Protection Regulation

Recommended Posts

I am aware of a new regulation coming in next year and am suddenly being bombarded by companies wanting to sell me all sorts of wonderful stuff to help us through the new requirements.     We are of course already registered for data protection etc.    Does anyone know if we will automatically be contacted to formally register for this?  Or is it just something we have to comply with.    

Share this post


Link to post
Share on other sites

Well I'm going to be honest here and say I don't really know the correct answer, however going by what I've seen on our LA website I think we just need to be registered with the ICO - which we have been doing for many years anyway.

Whether or not the ICO are going to hike up their prices is another story though.

Share this post


Link to post
Share on other sites

At our nursery we are starting with a data audit:

  • what data are we keeping?
  • Why are we keeping it?
  • Do we keep it securely?
  • Who has access to it?
  • Does the person who the data is about know what we are keeping and why?
  • Are we keeping it for an appropriate amount of time?

We intend to collect the details from the audit and then check that it complies with ICO best practice, we will then write to our parents and remind them what we are doing and why. We will also check that the companies that store data for us, e.g. Tapestry, our LA, our management system company for example are all also compliant. We might need to tweak some policies or put new procedures in place e.g. a "clear desk policy" which basically means that when people finish work they clear eveything away and lock it up if necessary. This is a useful documents that might help you https://ico.org.uk/for-organisations/education/

It doesn't come into effect until May 2018, so there is time!

Share this post


Link to post
Share on other sites

having spoken to a data manager about this they are suggesting that at the moment there should be no need for us to do (or change ) anything. An audit like Rebecca suggests is probably sensible for larger organisations, but as a 'small' data holder it is unlikely that anything other than ICO guidelines will need to be put in place. There should be NO need for anyone to pay for any services and the person I spoke to laughed and said it would be very tricky for them to charge you for anything because at present they wouldn't know WHAT you will need to do!! She warned that there were lots of companies trying to persuade people to let go of their money!!! The ICO are in charge of the new rules ...I am sure as long as you are registered with them that they will give further guidelines...for free...if needed!

  • Like 3

Share this post


Link to post
Share on other sites
On 11/7/2017 at 18:14, finleysmaid said:

having spoken to a data manager about this they are suggesting that at the moment there should be no need for us to do (or change ) anything. An audit like Rebecca suggests is probably sensible for larger organisations, but as a 'small' data holder it is unlikely that anything other than ICO guidelines will need to be put in place. There should be NO need for anyone to pay for any services and the person I spoke to laughed and said it would be very tricky for them to charge you for anything because at present they wouldn't know WHAT you will need to do!! She warned that there were lots of companies trying to persuade people to let go of their money!!! The ICO are in charge of the new rules ...I am sure as long as you are registered with them that they will give further guidelines...for free...if needed!

I agree, we're not paying anyone to do something we can do ourselves! Once we know more I'll make sure it's posted on here :D

  • Like 2

Share this post


Link to post
Share on other sites

×