Data Protection Policy

In order to provide a quality early years and childcare service and comply with
legislation, I will need to request information from parents about their child and

family. Some of this will be personal data.

I take families’ privacy seriously, and in accordance with the General Data
Protection Regulation (GDPR), I will process any personal data according to the

seven principles below:

1. I must have a lawful reason for collecting personal data, and must do it in a
fair and transparent way. I will be clear about what data I am collecting, and


2. I must only use the data for the reason it is initially obtained. This means
that I may not use a person’s data to market a product or service to them
that is unconnected to the reasons for which they shared the data with me

in the first place.

3. I must not collect any more data than is necessary. I will only collect the
data I need to hold in order to do the job for which I have collected the data.
4. I will ensure that the data is accurate, and ask parents to check this
information throughout the period we are working together and confirm that

the data held is still accurate.

5. I will not keep data any longer than needed. I must only keep the data for as
long as is needed to complete the tasks it was collected for.
6. I must protect the personal data. I am responsible for ensuring that I, and
anyone else charged with using the data, processes and stores it securely.

7. I will be accountable for the data. This means that I will be able to show

how I am complying with the law.