top of page


Click here to view document as PDF

Record Keeping


Data Protection policy


The Donkey Field Pre School is required to collect and use certain types of information regarding people with whom it deals in order to operate.

These include current, past and prospective employees, trustees, children, parents and other agencies with whom it communicates with.

In addition, the setting may occasionally be required by law to collect and use certain types of data to comply with the requirements of Government departments of Education.

This information must be collected, stored and used, whether on paper or electronically, in accordance to the Data Protection Act 1998 and The General Data Protection Regulation 2018 (GDPR).

We regard the lawful and correct treatment of personal data by The Donkey Field Pre School as very important to successful operations, and to maintain confidence between those with whom we hold information.


To this end we fully endorse and adhere to the principles of the GDPR 2018. The Donkey Field Pre-School will undertake its role to keep the premises, information and persons physically secure, in accordance with identified risk assessments, insurance requirements and legal obligations.






  • Shall be processed fairly and lawfully

  • Shall not be processed unless specific conditions are met

  • Shall only be obtained for its set purpose

  • Must be adequate, relevant, and not excessive in relation to the purpose

  • Must be current and up to date

  • Must be processed in accordance to the GDPR

  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data

  • Data must not be shared with any country or territory unless the country ensures adequate measures and protection of the rights and freedoms of the data subject in relation to the processing of personal data.

  • Observe full conditions regarding the fair collection and use of information, meeting all legal obligations to specify the purpose for which the information is used.

  • Collect and process data for only the purpose for which the information has been collected.

  • Apply strict checks to determine the length of time information is held in accordance to Ofsted and legal statutory guidance.

  • Take strict safeguarding measures with regards to technical and organisational security.


In addition, The Donkey Field Pre School will ensure that:

  • There is someone with specific responsibility for data protection, within the setting, amongst the four officers of the committee and within the accounts department.

  • The data protection officers will be Mrs.xxxxxxx

  • Everyone managing and handling personal data understands that they are contractually responsible for following good data protection practice.

  • All staff and main committee officers are expected to complete the GDPR (2018) training to enable good practice.

  • Queries regarding handling personal data must be promptly dealt with.

  • Methods of handling and storing data are clearly described to all concerned.

  • Performance of handling personal data must be regularly assessed and evaluated.





This procedure enhances the Data Protection and Security policy, detailing how the policy works within The Donkey Field Pre School.

This procedure covers Technical, Organisational and Physical Measures.

Detection and investigation breach of security include the following xxxxxxxxxxxxx




The Donkey Field Pre School uses data stored on xxxxxxxxxxx

  • A password protected computer/ iPad

  • Visual images on tapestry learning journals3

  • The Donkey Field Pre School website and Facebook page

  • Paper (letters, minutes, consent forms, special educational needs forms, referrals)


These components are stored in a locked cupboard, within the locked premises.


The computer can only be accessed by a password and the Gmail only by the Manager, accounts and officers via individual logins, only accessing information which is relevant to the individual’s role.


The children’s learning journals are only to be accessed by staff and parents via personal login.


The only people to remove data from these systems are the Manager and Deputy Manager.





The Donkey Field Pre School has a Confidentiality Policy which all staff, committee members and parents are made aware of.


All staff and committee members must sign a confidentiality agreement.


Risk assessments are carried out weekly to ensure there are no data protection breeches.


These are to be carried out by the data officers.


The Donkey Field Pre School uses the following reports on a daily/monthly and termly basis:

  1. Planning activities sheets

  2. Accident book

  3. Medication book

  4. Risk assessments

  5. Fire log

  6. Learning journals

  7. Central register

  8. Daily register

  9. Contact list

  10. Concerns log

  11. Special Educational Needs log

  12. Holistics portal (only by the Manager)

  13. Funding portal (only by the Manager)

  14. General letters

  15. Vulnerable Learners Audit (only by the Manager)

  16. Staff files

  17. Ucheck for DBS (Only by the Manager)


All of the above are stored in a locked cupboard, within the locked setting. Computer information is stored on a password computer. Social Service information is generated via an encrypted password safeguarding control.


Staff files are stored in a locked box. Only the Manager has access.

These details include:

  • Staff job descriptions, contracts, address, next of kin, staff supervision and appraisals and DBS numbers.



  • To detect if any technical data lost, removed, or wrongly used.

  • To report to the Data Protection Officer and committee Chair/Vice.




  • Regularly change passwords.

  • Investigate the data breech.

  • Inform committee.

  • Inform the correct authorities.

  • Hold interviews with people concerned.

  • Risk assessment to be carried out to prevent breech from reoccurring.

  • Where required, follow disciplinary procedure.


If a breach of data protection has taken place, Ofsted must be informed. In this situation, the Manager and the committee chairperson must be involved in the reporting process.


In the event the Manager as caused the breach, the Deputy Manager must be involved in the investigation.

Parents are issued with a privacy notice which explains the requirement of personal data, how it is used, stored, and destroyed.


Policy adopted by: The Donkey Field Pre-school

Policy adopted on: 3rd March 2018

Policy last reviewed: March 2019

Signed by Setting Manager

Signed by the Chairperson

bottom of page