GDPR and changes to Data Protection Law

What is GDPR?

GDPR stands for General Data Protection Regulation. Although the nursery has been working in line with the Data Protection Act, new regulations in relation to your personal data come into effect from 25th May. Redhill Day Nursery will ensure that personal data is protected and kept safely and securely. It will ensure that its policy for data protection is used as the basis for collecting, storing, accessing, sharing and deleting personal data. The nursery will use the General Data Protection Regulation (GDPR) as the benchmark for its standard for protecting personal data.


To ensure that decision makers and key people in the setting comply with the statutory changes to the GDPR, which will officially come into force in May 2018.

To ensure that there will be regular reviews and audits of the information we hold to ensure that we fully meet the GDPR statutory requirements.

To document the personal data we hold, where it came from and with whom it will be shared.

To ensure that data collection, data handling, data storage and data disposal procedures are in line with the GDPR and cover all the rights individuals have, including how personal data is deleted and destroyed.


Data access request procedures will be handled within the timescales set out in the GDPR and we will provide any additional information in line with the GDPR guidance.

The processing of personal data will be carried out on a lawful basis as required by the GDPR.

Where the setting needs to seek consent, it will do so in a manner that meets GDPR standards.

Any records of consent and the management of the process for seeking consent will also meet the GDPR standard.

Where there is a personal data breach, the procedures used to detect, report and investigate it will meet the requirements of the GDPR.

The systems the setting puts into place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity will meet the standard set in the GDPR.

The setting will have a Data Protection Officer who will be given responsibility for data protection compliance.

When the setting requests data, we will provide appropriate privacy notices to explain why data is being requested and the purposes for which it is used.


The requirements of the GDPR will be met by this setting as the basis for collecting, storing, accessing, sharing and deleting personal data. Data will be processed fairly, lawfully and in a transparent manner. It will be used for specified, explicit and legitimate purposes in a way that is adequate, relevant and limited. It will be accurate and kept up to date and kept no longer than is necessary. Data will be processed in a manner that ensures appropriate security of the data.

Our Privacy notice: Privacy Notice

Our Confidentiality and Protection of Data policy: Policy
