General Data Protection Regulation (GDPR) 25th May 2018


·         What Data Protection Policies & Procedures are currently in place?

·         Are you aware of what information (Data) you currently store in your service?

·         Where is this Data stored?

·         Are your IT/storage systems robust and secure?

·         What personal Data do you collect (Child’s, Parents/guardians/employees)?

·         Have you obtained consent?

·         How is the Data collected, manually, electronically, phone or in person?

·         For what purpose is the Data collected?

·         Is the Data relevant and up to date?

·         Who is responsible for collecting the Data? 

·         Who has access to the Data?

·         Who do you share the Data with and why?

·         Do you have signed consent to do so?

·         How long do you store the Data for?

·         Are you aware of Data Subjects rights?

·         Have you sourced training for your staff?

·         Is your staff aware of what constitutes a Data breach?

·         Are review procedures in place to ensure all policies continue to be up to date?


Data breaches must be reported with 72 hours of discovery.