zigzag Posted April 11, 2018
58 minutes ago, louby loo said: I haven't a clue but I saw it on the PLSA website when checking for downloads. It covers you for data breakdowns (can't think of correct word!) If it only adds £5-10 I might consider it. Breeches that's the word - covers you for Data Breaches [as you can tell I'm not sure how to spell it though]
Ok I get it now. Wonder how much it will cost as I bet it won’t be included in our current insurance policy.🙄
louby loo Posted April 11, 2018
7 minutes ago, zigzag said: Ok I get it now. Wonder how much it will cost as I bet it won’t be included in our current insurance policy.🙄
No, I had our renewal through last week, didn't see that it was included - not sure if it's even an option mentioned on the paperwork. Admittedly I've only glanced at it - meaning I just looked at the amount payable.
lynned55 Posted April 21, 2018
So I am (very, very) slowly getting there. I have rejigged the PSLA privacy notice for us. But am a little stuck on the storage bit. I use Dropbox to store all our digital stuff - that way I work on it at home and at work. No one else can access the Dropbox account from different locations (unless they have our password). But obviously if you accessed either laptop, which are both password protected, then you could. Is it enough for me to say that digital data is stored on a secure Dropbox account accessed via preschool laptops only, that are password protected? If not then I'm stumped - I need to be able to work on stuff at home but have previously gone down the USB route and that didn't work as I kept forgetting to take it to work or bring it home - even tried a keyring one that fell off the keyring - so I'm not going down that route again!
After doing the lovely Rebecca's audit it has thrown up that we don't actually keep much 'personal' data in digital format. Funding forms were sent through this term from our LA via email (cos the secure email system they have set up, due to GDPR, wouldn't allow us to open them securely!) But again could delete once printed. Registers are compiled on there, with names & DoB, but I could delete these once I've printed them off - don't mark them in electronically - we mark them in by hand. Offer letters are done but only have a child's Christian name on - no other identifying. Probably have some other bits for staff (haven't got around to staff yet).
So what do you think - anyone else do the same as me with OneDrive or Google Drive? Does anyone else feel like they are going around in circles and not getting very far?
Edited April 21, 2018 by lynned55
Mouseketeer Posted April 21, 2018
Hi Lynned, I use OneDrive so like you I can pick up and work at home, I use a password protected laptop at home and OneDrive is password protected, I could also delete names from registers, session lists, key groups etc once printed but I’m not going to as that would mean adding them all again for the following term rather than just adding new chn or increased sessions.
Our ‘Impact assessment’ flagged that other staff working on paperwork at home that they say (I don’t agree) they don’t have time for at work, this could be shared info sheets, transition forms etc, needs tightening up, I’m wondering if it might be better to have a OneDrive account for those types of forms, each staff and myself could have the log in, nothing would be stored on own devices just all in this cloud type thingy, just an initial could be added by staff and I’d add the name/DOB before printing then delete ...would that make any sense?
I was hoping the funding forms would go back to annual this time with the need to limit the data we store but they aren’t :-(
FSFRebecca (Author) Posted April 21, 2018
I work at home and my laptop is encrypted and password protected. OneDrive is also secure if everyone has the same levels of protection on their laptops and PCs.
Mouseketeer Posted April 21, 2018
29 minutes ago, Rebecca said: I work at home and my laptop is encrypted and password protected. OneDrive is also secure if everyone has the same levels of protection on their laptops and PCs.
The encryption bit still scares me 😱 really have to try and get to grips with that.
angela41 Posted April 22, 2018
Having read everyone's comments on this topic, I can see that I am not going to be redundant any time soon! Thank you all for sharing and helping so much.
C1403 Posted April 23, 2018
Hi All, I am working through our to-do list. Next is contacting 3rd Parties. Who have you all contacted? I have jotted down the list on the first page of this thread. Just wondering if anyone had an update... Cheers
lynned55 Posted April 23, 2018
Thanks Ladies!! That all sounds good. I haven't actually contacted anyone yet. There again no one has contacted us including our LA!
Mouseketeer Posted April 23, 2018
Work has got in the way of my GDPR prep unfortunately
C1403 Posted April 23, 2018
Cool. I'm not going to worry myself too much. One step at a time :-)
Sarah_Church Posted April 24, 2018
On 4/9/2018 at 12:11, finleysmaid said: So having done some more research!! The GDPR rules are not retrospective.... You could however use it as an opportunity to ensure you are only keeping what you need for the future.
Apologies if I'm misunderstanding but does this mean we don't need to go back over old data collected and clear out 'unnecessary' bits?
FSFRebecca (Author) Posted April 24, 2018
Hello Sarah_Church, We discussed the 'historical data' issue on this thread, you might find some help there.
FSFRebecca (Author) Posted April 26, 2018
Just for those who are waiting, Lauren has just posted #12 of the ICO steps thread. You can read it here (if you're not working internationally you have got a pass on this one!!)
Rosabean Posted April 26, 2018
What are you putting in the Privacy Notice for the ‘lawful basis’ for processing data? I’m getting overwhelmed by technical language. Do we need to cite the exact wording? I hate this stuff!!!
FSFRebecca (Author) Posted April 26, 2018
1 hour ago, Rosabean said: What are you putting in the Privacy Notice for the ‘lawful basis’ for processing data? I’m getting overwhelmed by technical language. Do we need to cite the exact wording? I hate this stuff!!!
Have you downloaded the Privacy notice and the enrolment form? We have included all the details on there.
Rosabean Posted April 27, 2018
I have downloaded it, yup, but had been panicked into thinking I needed to include more information. (Two GDPR courses this week and I am still stressing!) I have to say that the guidance on here has been so incredibly useful. Thank you so much!
Mouseketeer Posted April 27, 2018
20 hours ago, Rosabean said: What are you putting in the Privacy Notice for the ‘lawful basis’ for processing data? I’m getting overwhelmed by technical language. Do we need to cite the exact wording? I hate this stuff!!!
I've just gone with a general contractual, legal obligation and consent for my staff privacy policy (I just re-worked the workforce one on here https://www.gov.uk/government/publications/data-protection-and-privacy-privacy-notices ), I think I'm staff ready now, they've had in-house training, as a team completed an 'impact assessment' and they've had a privacy notice, a copy of the audit (staff table) and a letter with yes/no answers to give consent for using their names and photos.
FSFRebecca (Author) Posted April 27, 2018
5 hours ago, Mouseketeer said: I've just gone with a general contractual, legal obligation and consent for my staff privacy policy (I just re-worked the workforce one on here https://www.gov.uk/government/publications/data-protection-and-privacy-privacy-notices ), I think I'm staff ready now, they've had in-house training, as a team completed an 'impact assessment' and they've had a privacy notice, a copy of the audit (staff table) and a letter with yes/no answers to give consent for using their names and photos.
Good work there!
louby loo Posted April 27, 2018
5 hours ago, Mouseketeer said: I've just gone with a general contractual, legal obligation and consent for my staff privacy policy (I just re-worked the workforce one on here https://www.gov.uk/government/publications/data-protection-and-privacy-privacy-notices ), I think I'm staff ready now, they've had in-house training, as a team completed an 'impact assessment' and they've had a privacy notice, a copy of the audit (staff table) and a letter with yes/no answers to give consent for using their names and photos.
You've done well
C1403 Posted April 27, 2018
Do all staff need training/briefing in GDPR or just those in management positions? For example it would be our manager that collects the information and speaks to parents about the contract, other staff would only access to contact parents in emergency situations... I'm mainly talking about the enrollment form with the parent/child personal information.
Cait Posted April 28, 2018
All staff who have access to data will need some training - in my opinion. Would they be able to get the enrolment forms themselves or are they secure data that's locked away?
Mouseketeer Posted April 28, 2018
10 hours ago, C1403 said: Do all staff need training/briefing in GDPR or just those in management positions?
Has your manager done the training yet? They could then cascade to staff.
C1403 Posted April 28, 2018
The forms are locked away in the office so staff would not normally access unless the manager wasn't in (I think - will double check). Manager hasn't done any training yet. If it wasn't for me being on here we probably wouldn't have known. Our LA stopped providing support last December. Happy to direct her to suitable training if anyone has any suggestions/links. Thanks
Mouseketeer Posted April 29, 2018
I did the PSLA educare one online, it was only £7, but like you say I’d already had an understanding of GDPR from here, I did the questions and couldn’t figure out why I couldn’t get my certificate and it was because I hadn’t gone through the guidance module :-/, that’s what I then used to do the staff training, when I did it they were telling you controllers don’t have to register with ICO now which is wrong (hopefully they’ve changed that bit). I think the manager should do some training as she will be the one handling the bulk of the data and staff will need an understanding as they handle the children’s data.
I have now split all our lockable records into ‘only accessible by manager’ and ‘accessible by manager and deputy’, out of interest do you access/hold any personal data being a hands on Chair? I’ve only really had fundraising committees and apart from the treasurer seeing the accounts folder my committee don’t have access to anything with personal data on (the chair will see things when signing off or doing interviews or appraisals with me but only in the office) other than their committee meeting minutes with names against actions like get teabags (note to self committee consent form for names on notice board, website, newsletters and minutes).
C1403 Posted April 30, 2018
On 29/04/2018 at 08:28, Mouseketeer said: I did the PSLA educare one online, it was only £7, but like you say I’d already had an understanding of GDPR from here, I did the questions and couldn’t figure out why I couldn’t get my certificate and it was because I hadn’t gone through the guidance module :-/, that’s what I then used to do the staff training, when I did it they were telling you controllers don’t have to register with ICO now which is wrong (hopefully they’ve changed that bit). I think the manager should do some training as she will be the one handling the bulk of the data and staff will need an understanding as they handle the children’s data. I have now split all our lockable records into ‘only accessible by manager’ and ‘accessible by manager and deputy’, out of interest do you access/hold any personal data being a hands on Chair? I’ve only really had fundraising committees and apart from the treasurer seeing the accounts folder my committee don’t have access to anything with personal data on (the chair will see things when signing off or doing interviews or appraisals with me but only in the office) other than their committee meeting minutes with names against actions like get teabags (note to self committee consent form for names on notice board, website, newsletters and minutes).
Thanks. I'll direct her to the educare website. The only regular data I have access to is staff. That would be their names and pay (to do their wages). I also keep the committee register with our details. Nothing to do with children/parents.
Cait Posted April 30, 2018
I have also read recently that controllers don't need to register with ICO. I hope someone clarifies this soon.
Mouseketeer Posted April 30, 2018
1 hour ago, Cait said: I have also read recently that controllers don't need to register with ICO. I hope someone clarifies this soon.
I’ve been told today by a parent it’s ‘optional’ if you have less than 250 staff ...damn they could have mentioned that before I spent most of the Easter holiday on it 😱
https://www.parenta.com/2018/04/30/new-gdpr-rules-could-result-in-additional-costs-for-providers/?utm_term=New GDPR rules could result in additional costs for providers&utm_campaign=New GDPR rules could result in additional costs for providers&utm_content=email&utm_source=Act-On+Software&utm_medium=email&cm_mmc=Act-On Software-_-email-_-New GDPR rules could result in additional costs for providers-_-New GDPR rules could result in additional costs for providers
Edited April 30, 2018 by Mouseketeer