
My GDPR 'To Do' list


FSFRebecca

58 minutes ago, louby loo said:

I haven't a clue but I saw it on the PLSA website when checking for downloads.  It covers you for data breakdowns (can't think of correct word!)  If it only adds £5-10 I might consider it.

Breeches that's the word - covers you for Data Breaches [as you can tell I'm not sure how to spell it though xD]

Ok I get it now.  Wonder how much it will cost as I bet it won’t be included in our current insurance policy.🙄


7 minutes ago, zigzag said:

Ok I get it now.  Wonder how much it will cost as I bet it won’t be included in our current insurance policy.🙄

No, I had our renewal through last week and didn't see that it was included - not sure if it's even an option mentioned on the paperwork.

Admittedly I've only glanced at it - meaning I just looked at the amount payable.


  • 2 weeks later...

So I am (very, very) slowly getting there. I have rejigged the PSLA privacy notice for us. But am a little stuck on the storage bit.

I use Dropbox to store all our digital stuff - that way I work on it at home and at work. No one else can access the Dropbox account from different locations (unless they have our password). But obviously if you accessed either laptop, which are both password protected, then you could.

Is it enough for me to say that digital data is stored on a secure Dropbox account accessed via preschool laptops only, which are password protected?

If not then I'm stumped - I need to be able to work on stuff at home but have previously gone down the USB route and that didn't work as I kept forgetting to take it to work or bring it home - even tried a keyring one that fell off the keyring - so I'm not going down that route again!

After doing the lovely Rebecca's audit it has thrown up that we don't actually keep much 'personal' data in digital format. Funding forms were sent through this term from our LA via email (cos the secure email system they have set up, due to GDPR, wouldn't allow us to open them securely!) but again I could delete once printed. Registers are compiled on there, with names & DoB, but I could delete these once I've printed them off - we don't mark them in electronically - we mark them in by hand. Offer letters are done but only have a child's Christian name on - no other identifying information. Probably have some other bits for staff (haven't got around to staff yet). So what do you think - anyone else do the same as me with OneDrive or Google Drive?

Does anyone else feel like they are going around in circles and not getting very far?

Edited by lynned55

Hi Lynned 

I use OneDrive so like you I can pick up and work at home. I use a password protected laptop at home and OneDrive is password protected. I could also delete names from registers, session lists, key groups etc once printed but I’m not going to as that would mean adding them all again for the following term rather than just adding new chn or increased sessions.

Our ‘Impact assessment’ flagged that other staff working on paperwork at home that they say (I don’t agree) they don’t have time for at work, this could be shared info sheets, transition forms etc, needs tightening up. I’m wondering if it might be better to have a OneDrive account for those types of forms; each staff and myself could have the log in, nothing would be stored on own devices just all in this cloud type thingy, just an initial could be added by staff and I’d add the name/DOB before printing then delete ... would that make any sense?

I was hoping the funding forms would go back to annual this time with the need to limit the data we store but they aren’t :-( 


29 minutes ago, Rebecca said:

I work at home and my laptop is encrypted and password protected. OneDrive is also secure if everyone has the same levels of protection on their laptops and PCs.

The encryption bit still scares me 😱 really have to try and get to grips with that.


Hi All

I am working through our to-do list. Next is contacting 3rd Parties.

Who have you all contacted? I have jotted down the list on the first page of this thread. Just wondering if anyone had an update...

Cheers

 

 


On 4/9/2018 at 12:11, finleysmaid said:

So having done some more research!! The GDPR rules are not retrospective ... You could however use it as an opportunity to ensure you are only keeping what you need for the future.

Apologies if I'm misunderstanding but does this mean we don't need to go back over old data collected and clear out 'un-necessary' bits? 


1 hour ago, Rosabean said:

What are you putting in the Privacy Notice for the ‘lawful basis’ for processing data? I’m getting overwhelmed by technical language. Do we need to cite the exact wording? I hate this stuff!!!

Have you downloaded the Privacy notice and the enrolment form? We have included all the details on there.:)


I have downloaded it, yup, but had been panicked into thinking I needed to include more information. (Two GDPR courses this week and I am still stressing!)

I have to say that the guidance on here has been so incredibly useful. Thank you so much!

 


20 hours ago, Rosabean said:

What are you putting in the Privacy Notice for the ‘lawful basis’ for processing data? I’m getting overwhelmed by technical language. Do we need to cite the exact wording? I hate this stuff!!!

I've just gone with a general contractual, legal obligation and consent for my staff privacy policy (I just re-worked the workforce one on here https://www.gov.uk/government/publications/data-protection-and-privacy-privacy-notices ), I think I'm staff ready now, they've had in-house training, as a team completed an 'impact assessment' and they've had a privacy notice, a copy of the audit (staff table) and a letter with yes/no answers to give consent for using their names and photos.


5 hours ago, Mouseketeer said:

I've just gone with a general contractual, legal obligation and consent for my staff privacy policy (I just re-worked the workforce one on here https://www.gov.uk/government/publications/data-protection-and-privacy-privacy-notices ), I think I'm staff ready now, they've had in-house training, as a team completed an 'impact assessment' and they've had a privacy notice, a copy of the audit (staff table) and a letter with yes/no answers to give consent for using their names and photos.

Good work there!


5 hours ago, Mouseketeer said:

I've just gone with a general contractual, legal obligation and consent for my staff privacy policy (I just re-worked the workforce one on here https://www.gov.uk/government/publications/data-protection-and-privacy-privacy-notices ), I think I'm staff ready now, they've had in-house training, as a team completed an 'impact assessment' and they've had a privacy notice, a copy of the audit (staff table) and a letter with yes/no answers to give consent for using their names and photos.

You've done well :)


Do all staff need training/briefing in GDPR or just those in management positions?

For example it would be our manager that collects the information and speaks to parents about the contract, other staff would only access to contact parents in emergency situations.....I'm mainly talking about the enrollment form with the parent/child personal information.

 

 

 

 


All staff who have access to data will need some training - in my opinion.  Would they be able to get the enrolment forms themselves or are they secure data that's locked away? 


The forms are locked away in the office so staff would not normally access unless the manager wasn't in (I think-will double check).

Manager hasn't done any training yet. If it wasn't for me being on here we probably wouldn't have known. Our LA stopped providing support last December. 

Happy to direct her to suitable training if anyone has any suggestions/links.

Thanks


I did the PSLA educare one online, it was only £7, but like you say I’d already had an understanding of GDPR from here. I did the questions and couldn’t figure out why I couldn’t get my certificate and it was because I hadn’t gone through the guidance module :-/, that’s what I then used to do the staff training. When I did it they were telling you controllers don’t have to register with ICO now which is wrong (hopefully they’ve changed that bit). I think the manager should do some training as she will be the one handling the bulk of the data and staff will need an understanding as they handle the children’s data.

I have now split all our lockable records into ‘only accessible by manager’ and ‘accessible by manager and deputy’. Out of interest do you access/hold any personal data being a hands on Chair? I’ve only really had fundraising committees and apart from the treasurer seeing the accounts folder my committee don’t have access to anything with personal data on (the chair will see things when signing off or doing interviews or appraisals with me but only in the office) other than their committee meeting minutes with names against actions like get teabags :P (note to self committee consent form for names on notice board, website, newsletters and minutes).


On 29/04/2018 at 08:28, Mouseketeer said:

I did the PSLA educare one online, it was only £7, but like you say I’d already had an understanding of GDPR from here. I did the questions and couldn’t figure out why I couldn’t get my certificate and it was because I hadn’t gone through the guidance module :-/, that’s what I then used to do the staff training. When I did it they were telling you controllers don’t have to register with ICO now which is wrong (hopefully they’ve changed that bit). I think the manager should do some training as she will be the one handling the bulk of the data and staff will need an understanding as they handle the children’s data.

I have now split all our lockable records into ‘only accessible by manager’ and ‘accessible by manager and deputy’. Out of interest do you access/hold any personal data being a hands on Chair? I’ve only really had fundraising committees and apart from the treasurer seeing the accounts folder my committee don’t have access to anything with personal data on (the chair will see things when signing off or doing interviews or appraisals with me but only in the office) other than their committee meeting minutes with names against actions like get teabags :P (note to self committee consent form for names on notice board, website, newsletters and minutes).

Thanks. I'll direct her to the educare website.

The only regular data I have access to is staff. That would be their names and pay (to do their wages). I also keep the committee register with our details. Nothing to do with children/parents.

 

 


1 hour ago, Cait said:

I have also read recently that controllers don't need to register with ICO. I hope someone clarifies this soon. 

I’ve been told today by a parent it’s ‘optional’ if you have less than 250 staff ...damn they could have mentioned that before I spent most of the Easter holiday on it  😱

https://www.parenta.com/2018/04/30/new-gdpr-rules-could-result-in-additional-costs-for-providers/

Edited by Mouseketeer
