The Pre-school Learning Alliance has warned that providers could be charged additional costs due to the new data protection rules.
The Information Commissioner’s Office (ICO), the body responsible for implementing GDPR, has confirmed to the Alliance that it will regard anyone actively using or storing electronic data as a ‘data controller’ under the new rules. This means that childcare providers are subject to the ICO’s annual registration fee.
Based on annual turnover or the number of employees which an organisation has, the ICO registration fees are set to be split into three tiers.
For tier 1, the proposed fee is £40 a year for organisations with fewer than 10 employees or with a turnover of up to £632,000.
This will rise to £60 a year for small or medium organisations with fewer than 250 members of staff and a turnover of £36 million and £2,900 for larger organisations.
Many insurance companies have advised that childcare providers should hold some data, such as accident logs or safeguarding notes, for up to 21 years. This means that early years providers who store data electronically may have to pay an annual ICO registration fee even if they have left the profession or have retired.
The ICO confirmed that providers with safely stored paper-based records that will not be uploaded on to a computer device do not need to pay the registration fee.
The Pre-school Learning Alliance’s quality and standards manager, Melanie Pilcher, said, “It’s positive to have secured this confirmation from the ICO because we know that many childminders and smaller providers have been seeking clarity on this issue for months. That said, we’re clear that an exemption recognising the unique position childcare providers are in would have been a more effective response than the sticking plaster that this compromise represents.
She added: “There’s no doubt that the most secure and efficient way for providers to store data is electronically and so it’s disappointing that the ICO cannot ensure the GDPR makes a provision for that. The ICO’s compromise – to ensure that records are paper-based, securely-stored and not uploaded to a computer – may mean providers don’t have to pay a registration fee but could leave some storing reams upon reams of paper.”
Sarah Neville of Knutsford Childminding, who first raised the issue with the Alliance, said that she is concerned that digital media could become inaccessible due to the length of time that insurers recommend that providers keep records for.
Whilst it was reassuring to hear that providers would not have to pay for storing paper-based records, she said, this was only for providers with unlimited printer ink and for those who do not use digital systems and are happy to store boxes full of paperwork in their cupboard or loft for years.
She added: “However, please spare a thought for those providers who are using online systems, believing themselves to be ‘paperless’ and ‘eco-friendly’ and who will now be forced to spend hours printing – or, of course, continue paying ICO in perpetuity.”
An ICO spokesperson said, “GDPR doesn’t represent a change from the position under the Data Protection Act where early years provider data protection fees are concerned. As data controllers, early years providers still have to comply with the law and should still pay a fee to the ICO if they continue to hold children’s records in electronic form.
“They should consider how long is an appropriate period to retain the records for and, if they are retaining records, should ensure they are kept appropriately secure and that parents are made aware that records will be held. The exemption for paper-based records is set out in the current law, as well as in the new law, and was agreed by Parliament, not the ICO.”