Childcare registers being GDPR compliant
Assign topic to the user
Answer:
Your question is a quite broad and it is difficult to provide a detailed answer. In any organization employees access to personal data should be based on the need to know principle. Thus, the data on a person's health will be accessible only to the staff who needs this information to carry out their tasks.
Referring to the parents (or legal guardians) , they must have access only to the information they have provided about them and their children. Under no circumstances information about the health of other children should be provided to other parents through your organization.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course// ).
Comment as guest or Sign in
May 10, 2018