General Data Protection Regulations (GDPR) for early years providers
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation which came into force on 25 May 2018. It changes how organisations process and handle data, with the key aim of giving greater protection and rights to individuals.
The GDPR replaced the Data Protection Act 1998.
The UK is in the process of implementing a new Data Protection Bill which largely includes all the provisions of the GDPR. There are some small differences, but once the Bill has passed through Parliament and becomes an Act, UK law on data protection will largely be the same as that of the GDPR.
For further information to ensure you are compliant with GDPR see the following:
- Information Commissioner's Office (ICO)
- Early Years Alliance
- Herefordshire Records Management provides guidance on the legal and recommended retention periods for records kept by early years providers