Professional Documents
Culture Documents
Information Asset Register For Early Years Settings - Template
Information Asset Register For Early Years Settings - Template
information number
or ID
To ensure the suitability of staff; EYFS 2017; Computer files Mrs. A.N.
To ensure staff are contactable; Working Together to held on i-cloud; Other
To evidence appropriate recruitment Safeguard Children 2015; Archived (Nominated
checks have been undertaken; Equalities Act 2010 information person/Chair)
To meet the requirements of the EYFS stored off-line;
Paper documents
stored in secure,
fixed filing
cabinet on site.
Volume Personal Access Shared Format
data
20 current Yes; includes Access is restricted to Information is shared with Word documents;
files; sensitive named senior senior managers, Ofsted password protected
10 archived personal data managers and and the local authority spreadsheets.
files; registered person. where required for
Total 30. safeguarding and child
protection purposes.
Selected information may
also be shared with
prospective new
employers.
Retention Risks / impact Control measures Key
asset
What is this information used for? Under what legislation is this information required?
Explain here why you are collecting Identify here under what legislation you are permitted to/or are
this information and for what required to collect such data. This includes:(a) Consent: the
purpose. individual has given clear consent for you to process their
personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have
with the individual, or because they have asked you to take
specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to
comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect
someone’s life.
(e) Public task: the processing is necessary for you to perform a
task in the public interest or for your official functions, and the
task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your
legitimate interests or the legitimate interests of a third party
unless there is a good reason to protect the individual’s personal
data which overrides those legitimate interests. This means you
need to consider:
•The balance between the interests of the controller and
•The rights and freedoms of the individual. The legitimate
interest must be a real and valid reason (not vague).
required to catalogue all the information you hold and process as a setting. The IAR will help determine whether the informa
the different groups of individuals you hold data on; how you hold that data and where you hold it.
preadsheet on the Information Asset Register tab. Also included are examples of some of the documentation you may need to
State here whether the information is Who has access to the data?
personal data or not. Personal data means Record if there is restricted
any information relating to an access to the data.
identifiable person who can be directly
identified through the information
available. Sensitive personal data means
any information relating to special
categories of data, including racial or
ethnic origin, political opinion,
religious/philosophical beliefs, trade
union membership, genetic data,
biometric data, health data and data
relating to a natural person's sex life or
sexual orientation. Remember that
personal data includes information
available digitally, such as online
identifiers (such as email addresses, user
profiles, and IP addresses). NB a 'natural'
person is a human being as opposed to a
'legal' person which is generally an
organisation.
ive data; stored appropriately; shared safely; and retained for an appropriate length of time.
exhaustive list and you will need to adapt the list and add to it to ensure it covers everything that applies to your setting. You
Shared Format
o it to ensure it covers everything that applies to your setting. You will need to complete each column for each asset to fully
Retention
Record how long you plan to retain the data for. The Data Protection Act does not set out
any specific minimum or maximum time periods for retaining personal data. Instead, it
advices that personal data should not be kept for longer than its intended purpose. Some
suggested guidelines are available for the retention of data, but you will need to consider
these in respect of your own setting. It may be the case of keeping some data but not all.
For example, in respect of staff employment files consider how long you may need the
information for in the future. For most settings, it is likely to be beneficial to know which
staff have been employed and when over the course of the business (and longer). This
could be necessary if a safeguarding allegation was brought up at a later stage, and the
police needed to look at the individual's employment history. Other information relating to
the individual's employment history is less likely to be needed for a significant period of
time and could be destroyed a lot earlier. A good rule of thumb is to keep information
relating to the setting (staff or children) until at least the time of the next Ofsted inspection
if there is no other known reason for keeping such.
h column for each asset to fully
Consider what the risk Record here the control measures you have put in
could be to yourself, place to keep your data safe. If necessary create an
staff, parents, children, action plan to enable you to consider what further
your business of losing actions may be required. Consider control
data. What could the measures that apply to both the physical and digital
impact and world. Although most data will be stored at the
repercussions be? setting, consider times when data may be taken off
site and what control measures you have in place
then. For example, how do you ensure child
protection records are delivered safely to a new
setting or school? Or if staff are only allowed to
use designated equipment for taking photos in the
setting - how do you ensure such equipment is not
taken off site or that the rules are consistently
applied when on an outing with children?
Key asset
This is a yes or no
answer. A key asset is
one which is critical to
your business and one
which your setting would
have difficulty operating
without if lost.