top of page

Data Protection & Confidentiality Policy

At Bijou nursery we recognise and respect that we hold sensitive/confidential information about children and their families and the staff we employ. This information is used to meet children's needs, for registers, invoices and emergency contacts. We store all records in a locked cabinet or on the office computer with files that are password protected in line with data protection principles. Any information shared with the staff team is done on a 'need to know' basis and treated in confidence. This policy will work alongside the Privacy Notice to ensure compliance under General Data Protection Regulation (Regulation (EU) 2016/679 (GDPR).



Legal requirements


  • We follow the legal requirements set out in the Statutory Framework for the Early Years Foundation Phase (EYFP) 2010 and accompanying regulations about the information we must hold about registered children and  their families and the staff working at the nursery setting.

  • We follow the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679 (GDPR) and the Freedom of Information Act 2000 with regard to the storage of data and access to it.




It is our intention to respect the privacy of children and their families and we do so by:


  • Storing confidential records in a locked filing cabinet or on the office computer with files that are password protected.

  • Ensuring staff, student and volunteer inductions include an awareness of the importance of confidentiality and that information about the child and family is not shared outside of the nursery other than with relevant professionals who need to know that information. It is not shared with friends and family, discussions on the bus or at the local bar.

If staff breach any confidentiality provisions, this may result in disciplinary action and, in serious cases, dismissal. Students on placement in the nursery are advised of our confidentiality policy and required to respect it.

  • Ensuring that all staff, volunteers and students are aware that this information is confidential and only for use within the nursery and to support  the child's best interests and well being with parental permission.

  • Ensuring that parents have access to files and records of their own children but not to those of any other child, other than where relevant professionals such as the police or local authority children's social care team decide this is not in the child's best interest.

  • Ensuring all staff are aware that this information is confidential and only for use within the nursery setting. If any of this information is requested for whatever reason, the parent's permission will always be sought other than in the circumstances above.

  • Ensuring staff do not discuss personal information given by parents with  other members of staff, except where it affects planning for the child's needs.

  • Ensuring staff, students and volunteers are aware of and follow our social networking policy in relation to confidentiality.

  • Ensuring issues concerning the employment of staff remain confidential to  the people directly involved with making personnel decisions.

  • Ensuring any concerns/evidence relating to a child's personal safety are kept in a secure, confidential file and are shared with as few people as possible on a 'need-to-know' basis. If, however, a child is considered at risk, our safeguarding and child protection policy will override confidentiality.


All the undertakings above are subject to the paramount commitment of the nursery, which is to the safety and well-being of the child.


General Data Protection Regulation (EU)  2016/679 (GDPR) compliance

In order to meet our requirements under GDPR we will also undertake the following:

  • We will ensure our terms & conditions, privacy and consent notices are easily accessed/made available in accurate and easy to understand language.

  • We will not share or   use data for other purposes.

  • Everyone in our nursery understands that people have the right to access their records or have their records amended or deleted (subject to other laws and regulations).

  • All information and records relating to staff will be kept confidentially in a locked cabinet

  • Individual staff may request to see their own personal file at any time.


This policy was adopted on March 2019. Date for review March 2020.



bottom of page