As we are all aware the new GDPR rules on data protection come into force on May 25th. We have worked hard to implement all the changes required to be ready for this deadline. At Parenta we have always maintained the strictest policies when it comes to the way we store data and we will still continue to store data in the same way.
All of our opt-in policies have been updated to ensure that data is obtained and shared only with explicit consent. We have robust opt-out procedures which gives the data owner full control to manage how we use their data. There is no official GDPR policy because it affects every aspect of any business.
That said, as part of our ongoing measures at making sure we are fully GDPR compliant, we have been working with the NCC Group, who are leading global experts in cyber security. The NCC Group’s clients include HM Government and big financial services institutes including high street banks, so you can rest assure your sensitive data is safe! This includes any data within all of our software products and their features.
Together, NCC and Parenta have undergone an extensive data mapping process of the information we hold. We have conducted a GDPR health check, which included reviewing all our internal policies. We have completed a gap analysis of every single process within the business and remediation steps to ensure that Parenta upholds the strictest measures, in order to comply with GDPR. We also work with Rackspace, a leader in hybrid cloud solutions. Rackspace manage and migrate our infrastructure. They offer the most comprehensive security and compliance service.
One of the biggest changes with GDPR is the way any personal data is obtained, stored and the rights of the person have whose data you are storing. If a person asks you to remove their data from your database you have to do that in a timely manner. This will need to be mapped out within your data processing policy.
There are some Government agencies who require you to store data for longer periods like HMRC who will need any financial data stored for 7 years. You might want to check with Ofsted what their requirements are to ensure any children’s data are kept for the correct amount of time, even if they have left your setting. Various local authorities may have different policies on this. Many insurance companies have advised childcare providers to keep some data such as accident logs or safeguarding notes, for up to 21 years.
Our nursery management software will allow you to delete a child’s data with all the necessary warnings in place to ensure it’s not deleted by accident. Once the data has been deleted this cannot be retrieved which is compliant with GDPR, so please be extra vigilant when you delete data from our software.
It is important to understand who has access to any log in details. You must ensure that all log in details are kept secure. Where possible do not share log in details as you will not be able to track who has deleted data off your system with generic log in details. Change your passwords regularly and store it in a secure place.