FSFRebecca Posted April 30, 2018 Author Posted April 30, 2018 1 hour ago, Mouseketeer said: I’ve been told today by a parent it’s ‘optional’ if you have less than 250 staff ...damn they could have mentioned that before I spent most of the Easter holiday on it 😱 https://www.parenta.com/2018/04/30/new-gdpr-rules-could-result-in-additional-costs-for-providers/?utm_term=New GDPR rules could result in additional costs for providers&utm_campaign=New GDPR rules could result in additional costs for providers&utm_content=email&utm_source=Act-On+Software&utm_medium=email&cm_mmc=Act-On Software-_-email-_-New GDPR rules could result in additional costs for providers-_-New GDPR rules could result in additional costs for providers What did they think was optional? The whole GDPR? The having a nominated official data protection officer is optional for smaller businesses - see 11/12 here
Mouseketeer Posted April 30, 2018 Posted April 30, 2018 7 minutes ago, Rebecca said: What did they think was optional? The whole GDPR? The having a nominated official data protection officer is optional for smaller businesses - see 11/12 here Oh yes, the whole compliance thing didn’t mean us !
Mouseketeer Posted May 3, 2018 Posted May 3, 2018 With 3 wks to go how is everyone’s prep going? I’m on the policy now, I’ve seen a couple of examples but no way is mine going to be that long ! 1 A4 side or 2 at a push or maybe font 6 ;-), I haven’t started on agreements yet, not really sure where to start with those, does anyone have any useful links to websites (I don’t have the PSLA policies etc so can’t look there).
FSFRebecca Posted May 3, 2018 Author Posted May 3, 2018 We (my setting, not FSF!!) Have completed audit Written to all 3rd parties - (one remains decidedly questionable) Re written enrolment form Written to all parents re new enrolment form/ financial terms and conditions / privacy notice - in process of getting consent/contracts signed Written to all staff re data held and issued new privacy notice Audited all procedures re data on display in setting and made necessary adjustments Staff training completed 1 = intro to GDPR and 'what is it?', 2 = 'How does it affect you?' Staff training to do = changes to policies and working procedures Stripped all setting laptops of data and moved to usb storage which is locked away and requires management permission to access Changed all passwords and security info on websites, emails etc Still to do, policy update - saving this til last as we keep coming up with new things we need to do differently Anything I've missed?
sunnyday Posted May 3, 2018 Posted May 3, 2018 9 hours ago, Mouseketeer said: With 3 wks to go how is everyone’s prep going? I’m on the policy now, I’ve seen a couple of examples but no way is mine going to be that long ! 1 A4 side or 2 at a push or maybe font 6 ;-), I haven’t started on agreements yet, not really sure where to start with those, does anyone have any useful links to websites (I don’t have the PSLA policies etc so can’t look there). Mousie - do you mean 'Privacy notices' for Parents or something else? (I might be able to help) 1
sunnyday Posted May 3, 2018 Posted May 3, 2018 5 hours ago, Rebecca said: We (my setting, not FSF!!) Have completed audit Written to all 3rd parties - (one remains decidedly questionable) Re written enrolment form Written to all parents re new enrolment form/ financial terms and conditions / privacy notice - in process of getting consent/contracts signed Written to all staff re data held and issued new privacy notice Audited all procedures re data on display in setting and made necessary adjustments Staff training completed 1 = intro to GDPR and 'what is it?', 2 = 'How does it affect you?' Staff training to do = changes to policies and working procedures Stripped all setting laptops of data and moved to usb storage which is locked away and requires management permission to access Changed all passwords and security info on websites, emails etc Still to do, policy update - saving this til last as we keep coming up with new things we need to do differently Anything I've missed? I think you should go and have a lie down in a darkened room now 1
FSFRebecca Posted May 3, 2018 Author Posted May 3, 2018 Just now, sunnyday said: I think you should go and have a lie down in a darkened room now One day, Sunnyday, one day... being the owner/manager I rarely sleep 1
Hamantha Posted May 3, 2018 Posted May 3, 2018 12 hours ago, Mouseketeer said: With 3 wks to go how is everyone’s prep going? I’m on the policy now, I’ve seen a couple of examples but no way is mine going to be that long ! 1 A4 side or 2 at a push or maybe font 6 ;-), I haven’t started on agreements yet, not really sure where to start with those, does anyone have any useful links to websites (I don’t have the PSLA policies etc so can’t look there). Well, so far we have: Completed audit Updated Privacy Notices for parents/staff and our Committee Members Completed staff training (along same lines as Rebecca, although we've also discussed policy/procedure changes) Started to clear our laptops of old data Password protected everything!! Taken off saved password settings. It has been a lot of work and we still have more to do... Update our registration form (only going to ask those staying on with us if they want to fill in new form now. Thought we would get them to do this in Sept when we usually update/check all info) Send out all the updated Privacy Notices Issue updated policies and procedures Contact third parties (doing this last as I'm hoping they will contact us first...) to check GDPR compliant Sharing Agreements - hoping for some inspiration as not really sure what to put in...will have to do some research. Review our website privacy notice/cookie policy and get a SSL certificate. We were not going to write a Data Protection policy as everything is covered by our already extensive policies such as ICT, Tapestry, Confidentiality... (we have so many now!) and our Privacy Notice. 1
Mouseketeer Posted May 3, 2018 Posted May 3, 2018 (edited) Good work Rebecca and Hamantha completed: Audit - workforce, committee, chn, parents, others Impact assessment privacy notices - for all as audit covering letters and agreements/consent - all except chn childrens permission/consent form - use of names, photos, sun cream, walks (all separate yes/no) Registration form updated Booking request form updated Training + cascade to staff Tapestry parent agreement Read to pg 26 of Tapestry contract (promise to finish and sign ASAP) password changes Policy updated (1 A4 side ) to do: sharing agreements (also unsure about what these should have in them and what to do with them) add a paragraph to prospectus Also hoping for 3rd parties to send me evidence of their compliancy .....it’s not happening yet :-/ delete all files from pc & lap top that isn’t really needed ALL the techy stuff 😭 Edited May 3, 2018 by Mouseketeer 1
Hamantha Posted May 3, 2018 Posted May 3, 2018 Wow, you are nearly there! I will have a look around for ideas for sharing agreements and let you know if I come up with anything 1
C1403 Posted May 7, 2018 Posted May 7, 2018 So far I have done: Excel data audit Drafted new enrollment form Drafted privacy notice and letter for parents Drafted privacy notice and letter for staff Passed this all to the manager to read/review and then I'll do a final version to send out before half term. If I left it to her I'd still be chasing in September! Still to do Get Manager to do GDPR Training Contact 3rd parties Update our main data protection and confidentiality policy and other policies that have GDPR reference. Any wonder I'm thinking enough is enough this year, even though DD has a year left! 1
Stargrower Posted May 7, 2018 Posted May 7, 2018 What does GDPR training involve? Is it necessary? Our LA have said they are not offering training or information on GDPR.
Mouseketeer Posted May 7, 2018 Posted May 7, 2018 C1403 ...I’ll be looking for a new chair shortly and would be happy to have you ;-), I’m not sure if it was needed as the committee are the controllers really but I also did a Committee letter/consent form and privacy notice separate to the parent one as more of their information is shared eg. Names on the notice board, newsletters, minutes, all have each other’s email addresses (officer numbers also) - consent, their details are shared with Ofsted, LA and Charity commission (legal obligation). Stargrower...ifyou are a PSLA member do theirs it was only £7 and took no time at all, only 10 questions, which you’ll already know from here and there is a guidance module you can then share with other staff 1
Mouseketeer Posted May 14, 2018 Posted May 14, 2018 I think my last task is to come up with a 'data sharing' agreement, I'm sat here staring at the the ICO checklist for sharing but not getting a lot of inspiration, all the templates I've found look very wordy (scary), has anyone come up with a suitable one for the types of sharing we do e.g sen reports, shared setting progress, school transitions etc? thanks :-)
Tcha Posted May 14, 2018 Posted May 14, 2018 I'm now trying to put together staff and parent privacy notice - I have had a look at some online but I was wondering if anyone has a template for these at all please, or know where I can find both staff and parent notices please. Thank you
FSFRebecca Posted May 15, 2018 Author Posted May 15, 2018 21 hours ago, Tcha said: I'm now trying to put together staff and parent privacy notice - I have had a look at some online but I was wondering if anyone has a template for these at all please, or know where I can find both staff and parent notices please. Thank you Have you looked at the resources we have been posting? You can download them for your own use. I have taken the parent privacy notice down at the moment, but it'll be back up later
Tcha Posted May 16, 2018 Posted May 16, 2018 Thank you Rebecca, I was obviously looking in the wrong place.
Bluebirds Posted May 16, 2018 Posted May 16, 2018 On 03/04/2018 at 16:14, Rebecca said: An encryption key is a little usb thingy that you can use to provide an additional level of security on your computers. We have them here at FSF. Basically they are set so that your computer won't start without the usb in. Then if someone steals the PC they can't get to your data, even if they know your password - the pc just won't start. Once you have started your pc you lock the usb away in a different place to the pc (in the safe?). I'll ask one of the FSF tech genies to put a 'how to' guide up here. I think the usbs themselves cost about £7 each. Hello Please how can we buy the encryption key. Thanks 1
Mouseketeer Posted May 17, 2018 Posted May 17, 2018 Hi bluebirds, welcome to the forum, that’s a good question, I have been looking at them on a well known auction site, but no idea which I should get, prices vary greatly so any ‘reasonable’ priced recommendations would be good...and is it a different one for each device? (pc and lap top).
Mouseketeer Posted May 17, 2018 Posted May 17, 2018 I am still working on the 'agreements', I'm planning on a separate for each processor we share with now, do you think this from the framework is good enough reason to legal Obligation for school transitions? 3.68.Providers must maintain records and obtain and share information (with parents and carers, other professionals working with the child, the police, social services and Ofsted or the childminder agency with which they are registered, as appropriate) to ensure the safe and efficient management of the setting, and to help ensure the needs of all children are met.Providers must enable a regular two-way flow of information with parents and/or carers, and between providers, if a child is attending more than one setting. If requested, providers should incorporate parents’ and/or carers’ comments into children’s records.
Tim Posted May 17, 2018 Posted May 17, 2018 Hi Bluebirds. Any USB drive is fine to use as an encryption key with accompanying encryption software. There are hundreds out there, but you don't need to spend very much at all. I chose one that was as physically small as possible, as I wanted to keep it on my keyring. Also, as I don't store any additional files on the USB drive, I purchased the smallest capacity available. Mouseketeer, dependent on your software, it may be possible to have one usb drive acting as an encryption key for multiple devices, but you could end up continually swapping it between devices. More information from earlier posts:
Mouseketeer Posted May 17, 2018 Posted May 17, 2018 woooohhhh back up there..so now as well as a key I need software? 1
sunnyday Posted May 17, 2018 Posted May 17, 2018 Not sure why I'm laughing - it's all going over my head now 2
Lioness Posted June 25, 2018 Posted June 25, 2018 Hi all, Just reviewing GDPR and just wondering if a 3rd party provides their Privacy Notice to you, does this count as not having to contact them now as all the information required by you to prove they are complaint is in their Privacy Notice? Or do you still need to ensure you contact each one individually just to ensure you are proving how you are being compliant? Many thanks.
Hamantha Posted June 25, 2018 Posted June 25, 2018 1 hour ago, Lioness said: Hi all, Just reviewing GDPR and just wondering if a 3rd party provides their Privacy Notice to you, does this count as not having to contact them now as all the information required by you to prove they are complaint is in their Privacy Notice? Or do you still need to ensure you contact each one individually just to ensure you are proving how you are being compliant? Many thanks. I would also be really interested to know what others think. I have left third party stuff at the end of my GDPR to do list in the hope that they would all contact me first! Also, has anyone drawn up data sharing agreements with primary schools? I am thinking in relation to transition reports. Thanks! 1
Piskie Posted July 14, 2018 Posted July 14, 2018 Can anyone tell me where to get these USB keys from please? I can’t find them anywhere. A brand name would be even better Thanks
Lioness Posted July 23, 2018 Posted July 23, 2018 On 25/06/2018 at 14:27, Lioness said: Hi all, Just reviewing GDPR and just wondering if a 3rd party provides their Privacy Notice to you, does this count as not having to contact them now as all the information required by you to prove they are complaint is in their Privacy Notice? Or do you still need to ensure you contact each one individually just to ensure you are proving how you are being compliant? Many thanks. Anyone any thoughts on this? Many thanks!
Recommended Posts