Please could you advise what information we are permitted to have visible to a) staff and b) parents? There is essential information we need to have to hand ie. medical details but want to ensure we are GDPR compliant? Please could you help?
Your question is a quite broad and it is difficult to provide a detailed answer. In any organization employees access to personal data should be based on the need to know principle. Thus, the data on a person's health will be accessible only to the staff who needs this information to carry out their tasks.
Referring to the parents (or legal guardians) , they must have access only to the information they have provided about them and their children. Under no circumstances information about the health of other children should be provided to other parents through your organization.