General Data Protection Regulations (GDPR)

The setting’s named General Data Protection Regulations (GDPR) Officer is Keith McGregor (Lead Trustee).

As a setting we take general data protection regulations very seriously with the utmost regard and an audit of the 12 steps has been taken in line with the ICO website guidance. This General Data Protection Regulations 2018 is to be respected with the setting’s safeguarding policy.

Should a breach of data protection occur, then the GDPR Officer named above will undertake liaisons with the required regulatory personnel. Only persons held within a supervisory role hold keys to children’s information, which are stored in line with KCC advice.

By completing the children’s application and enrolment forms with an email address upon it, then parent/carers are giving permission to be contacted by the setting via this email address given. No information about children and their families will be held on cloud storage. Any sensitive and personnel information will be sent via the secure email or password protected.

Although the setting has a website, no children’s personal information will be stored upon it. This includes no photographs of the children and no stored emails are held for the purpose of the website.

Any information stored and for the longevity of this is done so in accordance with the GDPR and with all other external agencies advice and legislations.

Early years settings, Schools, Local authorities (LAs), the Secretary of State for Children, Schools and Families and the Department for Children, Schools and Families (DCSF), (the government department which deals with the education and children’s services), the Qualifications and Curriculum Authority (QCA), Her Majesty’s Chief Inspector of Education, Children’s Services and Skills (OFSTED), and the National Assessment Agency (NAA) all process information on children and pupils in order to help administer education and children’s services and in doing so have to comply with GDPR. This means, among other things, that the data held about children, must only be used for specific purposes allowed by law. We are, therefore, writing to tell you about the types of data held, why that data is held, and to whom it may be passed on.

The Early Years Setting holds information on children in order to support their development, to monitor their progress, to provide appropriate pastoral care, and to assess how well the setting as a whole is doing. This information includes contact details, attendance information, characteristics such as ethnic group, special educational needs and any relevant medical information. This information is in line with the KCC privacy notice. From time to time the Early Years Settings are required to pass on some of this data to the Local Authorities, The DfE and to agencies that are prescribed by law, such as QCA and OFSTED. An assessment is made of all children and by the age of five a record of transfer is completed in accordance with the Early Years Foundation Stage (EYFS) and this information is passed to the Local Authority and receiving maintained school.

The Local Authority (LA) uses information about children for whom it provides services to carry out specific functions for which it is responsible. For example, the Local Authority will make an assessment of any special educational needs the child may have. It also uses the information to derive statistics to inform various decisions. The statistics are used in such a way that individual children cannot be identified from them.

The Qualifications and Curriculum Authority uses information about children to administer national assessments such as the Early Years Foundation Stage profile. Any results passed on to the DCSF are used to compile statistics on trends and patters in levels of development. The QCA can use the information to evaluate the effectiveness of the national curriculum and associated assessment arrangements, and to ensure that these are continually improved.

Her majesty’s Chief Inspector of Education Children’s Services and Skills and Ofsted do not routinely process any information about individual children. However whilst Ofsted holds no records of individual children’s progress it does use information about the achievement of groups of children to help inform its judgements about the quality of Education in Early Years Settings.

The National Assessment Agency uses information from settings regarding the Early Years Foundation Stage. The resulting data is passed on to the NAA which also uses information in working with schools, the QCA, and awarding bodies, for ensuring an efficient and effective assessment systems covering all age ranges is delivered nationally.

The Secretary of state for Children, Schools and Families and the Department for Education (DfE) use information about children and pupils for research and statistical purposes, to allocate funds, to inform, influence and improve education policy and to monitor the performance of the education and children’s services as a whole. The DCSF will feedback to LAs information about children for a variety of purposes that will include data checking exercises and use in self-evaluation analysis.

Information about children may be held to provide comprehensive information back to the LAs to support their day to day business. The DfE may also use contact details from these sources to obtain samples for statistical surveys. These surveys may be carried out by research agencies working under contract to the Department and participation in such surveys is usually voluntary. The department may also match data from these sources to data obtained from statistical surveys.

The DfE may also disclose individual child and pupil information to independent researchers into the educational achievements of pupils who have legitimate need for it for their research, but each case will be determined on its merits and subject to the approval of the Department’s Chief Statistician.

Children, as data subjects, have certain rights under the GDPR, including general rights of access to personal data held on them, with parents exercising this right on their behalf if they are too young to do so themselves. If you wish to access the personal data held about your child, please contact the relevant organisation in writing (which will require the requestor’s proof of identity):

  • The Windmill Nursery, c/o The Brent Primary School, London Road, Stone, Dartford, Kent, DA2 6BA (01322 229393).
  • The Local Authority (KCC): Access to information co-ordinator, Sessions House, County Hall, Maidstone, Kent, ME14 1XQ.
  • The QCA’s GDPR officer at QCA, 83 Piccadilly, London W1J 8QA.
  • OFTSED’s GDPR officer at Alexandra House, 33 Kingsway, London WC2B 6SE.
  • The National Assessment Agency GDPR officer at NAA, 29 Bolton Stree, London W1J 8BT.
  • The DfE GDPR officers at DfE, Sanctuary Buildings, London, SW1P 3BT.