The latest news and information

GDPR Compliance - General Data Protection Regulation (GDPR) - GDPR Case Studies

GDPR – Communications with staff

August 28, 2018

Case Study:
A new staff member has joined your service and is about to start their induction training. As a member of the team in the ECCE room, they will have access to a certain level of personal data relating to the children. They have also provided their own personal data as an employee, for example their bank details, their address etc. You want to ensure that they understand the service’s data protection policies and procedures.

 

What should I do:
You provide the new staff member with the following documents as part of their induction pack:

  • Personal Data Protection Policy – This policy will inform the staff member about the service’s process for handling personal data of parents, children, supplies and other individuals. It will outline their responsibilities as an employee when handling this personal data.
  • Employee Data Protection Policy – This policy will inform the staff member how you, as the employer, will manage personal data relating to staff.
  • Privacy Notice for Parents – This notice will explain what personal information is collected from parents and children, why it is collected, how it is used and how it is protected.
  • Privacy Notice for Employees – This notice will explain what personal information is collected from staff members, why it is collected, how it is used and how it is protected.

You also ask the staff member to complete ECI’s 40-minute online training as part of their induction programme. You file the certificate with the certificates of the other staff members to show the new staff member has also completed the training.

During the new staff member’s tour of the building, you highlight the importance of ensuring that personal data is locked away. In each room, you keep a folder of important information relating to the children in that room, for example contact details of parents and details of any allergies or medical conditions. This personal data is always kept in a locked cupboard to ensure it is kept safe at all times.

You let the staff member know that if they notice that any personal data in the service is lost or compromised, they should let you know as soon as possible so that you, as the owner/manager can implement the Data Breach Procedure.

All staff members know that they can ask questions in relation to the service’s data protection policies or procedures at any stage.

 

For more GDPR case studies, please click here

 

Share share share share
Tags: , , , , ,
Site maintained and developed by Cloud Nine