Information

Families

Events

Previous events

Care Inspectorate Update and 'Q and A' Session

COVID-19 Inquiry Discussion

Autism Learning Session

Safer Staffing

Local Networking

International Learning Session

Get Ready for Summer

Getting it Right for Business

Access to Childcare Fund

SSSC Codes of Practice Conversation

A Register for the Future

Skills Development Funding

Getting Help with Childcare Costs

Not just a dream

Back to basics- financial planning in OSC

SOSCN Members Online Network Meetings - October

Activity and Wellbeing 29/11/2022

Scottish Government School Age Childcare Update

Delivering a Playful and Active Summer 2021

Back to Basics

Networking Meetings - May and June 2021

Networking Meetings

OSC Practice during COVID

Staying Out

Celebrating Out of School Care

SOSCN Regional Events

Seeing the Potential

Shaping the Framework

Seeing the Whole Child

Teaching Stem in OSC

What it Takes

Networking Opportunity

more

In-Person Play Training

Jim Taylor Knows Autism - Session 2

Building Resilience Event

Online Membership Catch-up

more

Quality Assurance

Policy

SOSCN

OSC A to Z

Training

BLOG

Membership

Library

News

Shop

Online Learning

more

Soscn home

General Data Protection Regulation (GDPR)

IMPORTANT NOTE:

All the information that follows is only guidance from SOSCN's own understanding of the legislation- this may change or develop as time continues, and in no way can this be seen as legal advice. The information has been gathered from a variety of official resources listed at the end, as well as a conversation with the Information Commissioner's Office (ICO).

WHAT IS THE GDPR?

The GDPR is legislation which will be enacted from the 25th May and it is concerned with how personal data is stored, handled, shared and ultimately destroyed -it recognises an individual's rights to privacy, including that of children.

“Many of the GDPR's main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are some new elements and significant enhancements, so you will have to do some things for the first time and some things differently.” ('Preparing for the General Data Protection Regulation (GDPR) 12 Steps to Take Now', ICO)

What does this mean for out of school care services?

In the first instance you need to declare your 'lawful basis' for processing personal data. There are 6 lawful bases:

“(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone's life.

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)”
(https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ accessed 08-03-18)

You have to meet at least one of these basis, and for out of school care services these would be: 'legal obligation' - it is a legal obligation by the Care Inspectorate that you hold personal data on children in your care, and 'vital interests' - you require personal data on children to ensure the children's wellbeing and safety within your care.

When gathering information about children through completion of registration forms, 'all about me' etc on registration of children, parents (and children) must be aware of why you are gathering this personal data, how this will be stored and what will be done with this data when it is no longer required. So, parents must sign and date terms and conditions/privacy agreement which states they have read and agreed to the terms and conditions associated with the personal data held by the organisation.

The terms and conditions should:

1. State your legal basis to gather personal data in accordance with the GDPR ('legal \obligation' and 'vital interests', and clearly state that is through compliance with Care Inspectorate registration).

2. State how this information will be SECURELY stored. If you use digital files then you need to ensure that all devices storing this data or emails etc are encrypted.

3. State which persons (their professional roles) within the organisation will have access to the full personal data- these are the organisation's 'data processors', and only they should have access to full records.

4. State the organisation's procedures to detect, report and investigate any data breaches.

5. State how any personal data will be shared, if at all with other agencies- for out of school care this will be on a parent (and possibly child) consent basis unless it is a child protection issue which relates to a parent/carer, where child protection procedures come into effect.

6. State that parents and children are able to request to see the personal data which is held.

7. State how often this information will be reviewed - six monthly minimum for information held on children in out of school care.

8. State WHEN personal data will be disposed of, including circumstances and timeframes.

9. State HOW personal data will be SAFELY disposed of.

Please note that this also applies to personal data held on employees and committee/board members. If parents refuse to sign this agreement then you will not be able to hold personal data, and since you have a legal obligation to do so, you cannot provide a service for this child. No agreement, no service.

CHILDREN AND THE GDPR

You should write clear privacy notices for children so that they are able to understand what will happen to their personal data, and what rights they have.

Children have the same rights as adults over their personal data. These include the rights to access their personal data; request rectification; object to processing and have their personal data erased. Again, if they request personal data to be erased which you are required to have by law, then you would not be able to provide a service for them.

PHOTOGRAPHS AND THE GDPR

Please note that photographs can be considered personal data if the person can be identified so signed consent from children and parents should be given before photographs are used in the public realm such as published materials, website, social media etc. Also, children (and adults) will have recourse to request that these images are deleted at a later date from online resources.

So you can ask for general consent from children and parents for photographs which will be used within the service e.g. floor books, information folders, children's own folders etc however, you will require specific and additional written consent if you wish to use a particular photograph on a website, facebook, twitter etc. if a child is identifiable. You can still use photographs of activities showing hands etc without specific consent since children are not personally identifiable.

PLEASE NOTE

Employment files must also be treated in the same way as children's records- the GDPR relates to all personal data held by an organisation.

Useful Guides

Practice Focus

2024

April

Health and Safety

17/04/2024

practice-focus-health-and-safety-apr-24.pdf

1 MB

February

Medication Management

05/02/2024

practice-focus-medication-management-feb-24.pdf

2 MB

2023

December

Personal Plans

05/12/2023

practice-focus-personal-plans-dec-23.pdf

3 MB

more

OSC A to Z

A - B

Accessibility

Accidents and emergencies

Additional support needs

Allergies

Anti-bullying

Attainment

Behaviour rules

Ch - Co

Childcare tax credits

Childcare vouchers

Child protection

Children's charter

Children's participation - UNCRC

Codes of conduct

Consent

Co - G

Contracts, costs, fees and cancellations

Creativity

Data Protection

Equality and diversity

First-Aid Training

Food choices

Getting it Right

H - J

Health and safety and insurance

Homework

Illness, infection and medication

Induction

Introduction

Jargon Buster

Just A...

K - Pa

Kids' Club

Learning

Lone Parents

Moving and Handling

Nature

Outdoor Play

Parental rights and involvement

Pe - T

Personal Plans

Play

Play and risk

Quality in OSC

Risk and Challenge

Social media and mobile phones

Trips and outings

U - Z

United Nations

Volunteers

Workforce

X-Boxes and Screens

Young Adults

Zero Tolerance

Start up guide

Introduction

Process

Setting up

Interest

Research

Premises

Policies

Business

Marketing

Quality

News

Jobs in OSC

soscn homepage

About SOSCN

The Scottish Out of School Care Network is a Scottish registered charity, established in 1991 and is the national infrastructure umbrella organisation providing support, mentoring, training, information and resources to the nearly 1,000 school-aged childcare services in Scotland, which provide childcare, play and learning to over 50,000 children.

All of our work is underpinned by a commitment to supporting and promoting the United Nations Convention on the Rights of the Child (UNCRC), in particular Articles 31; the right to culture leisure, rest and play; Article 12, the right to consultation and Article 18; states parties to develop appropriate services to support families, including assistance with childcare for working parents. We also have a particular focus on children in need or on poverty (Article 22) and support the provision of care for children with disabilities (article 23).

We are also committed to promoting and delivering the outcomes of Getting It Right For Every Child (GIRFEC) and the Playwork Principles. We also engage strategically at national and local levels to assist in the development and delivery of policies relating to childcare, children's rights and family support.

Information for Services

information

Financial Support to Parents

Understanding Financial Support to Parents to Pay for Childcare

information

Essential Guidance For School Age Childcare Services

Documents and guidance most relevance currently to registered school age childcare services

information

Business Support

It is vital that in addition to expert childcare knowledge, services need to have good business knowledge

home

Practice Focus

Regular information focusing on areas of best practice within the school age childcare, out of school care and playwork sector

BLOG

2023

June

Limited or Lack of Local School Age Childcare

Irene Audain MBE

14/06/2023

March

SOSCN's letter to First Minister Candidates

Irene Audain MBE

01/03/2023

January

Children's safeguarding at risk in unregulated out of school settings in England

Irene Audain MBE

09/01/2023

2022

December

Staying Safe and Professional Online as a Social Care Worker

Andrew Shoolbread

07/12/2022

November

Reconnecting - to care for others you need to care for yourself

Andrew Shoolbread

18/11/2022

Access to Childcare Fund - The Learning So Far

soscn

Andrew Shoolbread

14/11/2022

more

Newsletters

2024

March

Mar 2024

26/03/2024

soscn-newsletter-mar-2024.pdf

8 MB

2023

December

Dec 2023

01/12/2023

soscn-newsletter-dec-2023.pdf

6 MB

June

June 2023

21/06/2023

soscn-newsletter-jun-2023.pdf

4 MB

May

May 2023

17/05/2023

January

Jan 2023

11/01/2023

2022

November

Nov 2022

18/11/2022

more

Reports

Consultations

Training

GIRFEC and SHANARRI

Physical activity training

Heartstart training

More training

Resilience and ACEs

What is School Age Childcare?

Daycare of children is defined by the Public Services Reform (Scotland) Act 2010 as a service that provides care for children on non-domestic premises for a total of more than two hours a day and on at least six days per year.

The school age care childcare sector is the largest provider of play, care, and informal learning opportunities for school-aged children. There are nearly 1000 registered school age childcare services in Scotland, 588 breakfast clubs and 482 holiday services. More than 50,000 children of school age are registered in childcare. (Care Inspectorate, 2021).