top of page

10.6 Children’s records and data protection


Policy statement


We have record keeping systems in place that meet legal requirements; and the means we use to store and share that information takes place within the framework of the General Data Protection Regulations (GDPR) (2018) and the Human Rights Act (1998).

This policy and procedure should be read alongside our Privacy Notice, Confidentiality, recording and sharing of information policy.

During the Covid-19 outbreak there may be the need to keep additional records as part of outbreak management.


Principles of data protection: lawful processing of data

Personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject

  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is not compatible for these purposes

  3. adequate, relevant and necessary in relation to the purposes for which they are processed

  4. accurate, and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purpose for which they are processed, are erased or rectified without delay

  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed

  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”) Article 5 of the General Data Protection Regulations (2018)

Practitioners should process data, record and share information in line with the principles above.


The principles of GDPR and effective safeguarding recording practice are upheld

  • Recording is factual and non-judgemental.

  • The procedure for retaining and archiving personal data and the retention schedule and subsequent destruction of data is adhered to.

  • Parents/carers and children where appropriate are made aware of what will be recorded and in what circumstances information is shared, prior to their child starting at the setting. Parents/carers are issued with Privacy notice and should give signed, informed consent to recording and information sharing prior to their child attending the setting. If a parent/carer would not expect their information to be shared in any given situation, normally, they should be asked for consent prior to sharing.

  • There are circumstances where information is shared without consent to safeguard children. These are detailed below, but in summary, information can be shared without consent if a practitioner is unable to gain consent, cannot reasonably be expected to gain consent, or gaining consent places a child at risk.

  • Records can be accessed by and information may be shared with local authority professionals. If there are significant safeguarding or welfare concerns, information may also be shared with a family proceedings Court or the police. Practitioners are aware of information sharing processes and all families should give informed consent to the way the setting will use, store and share information.

  • Recording should be completed as soon as possible and within 5 working days as a maximum for safeguarding recording timescales.

  • If a child attends more than one setting, a two-way flow of information is established between the parents/carers, and other providers. Where appropriate, comments from others (as above) are incorporated into the child’s records.

General safeguarding recording principles

  • It is vital that all relevant interactions linked to safeguarding children’s and individual’s welfare are accurately recorded.

  • All recordings should be made as soon as possible after the event.

  • Recording should be to a good standard and clear enough to enable someone other than the person who wrote it, to fully understand what is being described.

  • Recording can potentially be viewed by a parent/carer or Ofsted inspector, by the successors of the practitioners who record, and may be used in a family Court as relevant evidence to decide whether a child should remain with their biological parents, or be removed to live somewhere else. Recording needs to be fair and accurate, non-judgemental in tone, descriptive, relevant, and should clearly show what action has been taken to safeguard a child, and reflect decision-making relating to safeguarding.

  • Recording should be complete, it should show what the outcome has been, what happened to referrals, why decisions were made to share or not share information, and it should contain summaries and minutes of relevant multi-agency meetings and multi-agency communication.

  • If injuries or other safeguarding concerns are being described the description must be clear and accurate and should give specific details of the injury observed and where it is located.


We keep two kinds of records on children attending our setting:


Developmental records

These include observations of children in the setting, photographs, video clips and developmental reports.  These are done on Tapestry (an online learning journey) which is only accessible to parents and staff.  These can be accessed, and contributed to, by our staff the child and the child’s parents.


Personal records


These may include the following

  • Personal details – including the child’s registration form and any consent forms.

  • Contractual matters – including a copy of the signed parent contract, the child’s days and times of attendance, a record of the child’s fees, and any fee reminders or records of disputes about fees.

  • Any communication with the parent regarding their child’s development, health and well-being. 

  • Early Support – including any additional focussed intervention provided by our setting (e.g. support for behaviour, language or development that needs an SEN action plan) and records of any meetings held.

  • Welfare and child protection concerns – including records of all welfare and protection concerns, and our resulting action, meetings and telephone conversations about the child, an Education, Health and Care Plan and any information regarding a Looked After Child.

  • Correspondence and Reports – including a copy of the child’s 2 Year Old Progress Check (as applicable), all letters and emails to and from other agencies and any confidential reports from other agencies.

  • These confidential records are stored in a lockable file or cabinet, which is always locked when not in use and which we secure in an office or other suitably safe place.  Any information sent via email is password protected.

  • We read any correspondence in relation to a child, note any actions and file it immediately

  • We ensure that access to children’s files is restricted to those authorised to see them and make entries in them, this being our manager, deputy or designated person for child protection, the child’s key person, or other staff as authorised by our manager

  • We may be required to hand children’s personal files to Ofsted as part of an inspection or investigation process; or to local authority staff conducting a S11 audit, as long as authorisation is seen.  We ensure that children’s personal files are not handed over to anyone else to look at.

  • Parents have access, in accordance with our Privacy Notice, and Confidentiality, recording and sharing of information policy, to the files and records of their own children, but do not have access to information about any other child.

  • Our staff will not discuss personal information given by parents with other members of staff, except where it affects planning for the child's needs. Our staff induction programme includes an awareness of the importance of confidentiality in the role of the key person.

  • We retain children’s records according to the retention periods advised by the Early Years Alliance.  For example, any records that relate to an accident or child protection matter are kept until a child reaches the age of 21 years or 24 years respectively. These are kept in a locked filing cabinet.


Archiving children’s files

  • When a child leaves our setting, all paperwork relating to them is stored in a locked filing cabinet with the child’s name and date of birth on the front.

  • If any data is kept electronically it is stored as above.

  • Where there are Section 47 child protection investigations, we keep the information for 25 years.

  • We store financial information according to our finance procedures.


Other records

  • We keep a daily record of the names of the children we are caring for, their hours of attendance and the names of their key person.

  • Students on Early Years Alliance or other recognised qualifications and training, when they are observing in the setting, are advised of our Confidentiality and recording and sharing of information Policy and are required to respect it.

  • Any parents who stay and play for a session are asked to read and sign a confidentiality agreement.


Legal framework

  • General Data Protection Regulations (GDPR) (2018)

  • Human Rights Act (1998)


Further guidance

  • Information sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers (2018)

bottom of page