Ashton, Manchester

Safe Start Data Protection Policy

Policy Created: January 2020
Reviewed by: Grace Speakman
Review Date: January 2021


1 Policy purpose
2 Data Protection Act (1998)
3 Staff Data
4 Child & Young Persons Data
5 SS responsibilities
6 Staff Responsibilities
7 Complaints procedure


In order to carry out its day to day operations, to meet its objectives and to comply
with legal obligations Safe Start (SS) needs to keep certain information on its
employees, volunteers, service users and trustees.

The aim of this policy is to ensure that everyone handling personal data is fully
aware of the requirements and acts in accordance with data protection procedures. This
document also highlights key data protection procedures within the organisation.


Safe Start is committed to ensuring any personal data will be dealt with in line with the
Data Protection Act (1998).

There are 8 data principles which provide the foundation of
the act, which prescribe guidelines on: the information life cycle; the purpose for which
data are gathered and held; and the rights of data subjects (the individual who are the
subjects of the personal data held by Safe Start).

Safe Start will adhere to the 8 data principles outlined by the Data Protection Act
(1998) and therefore all data that Safe Start collects will be:

  • used fairly and lawfully;
  • used for limited, specifically stated purposes;
  • used in a way that is adequate, relevant and not excessive;
  • accurate;
  • kept for no longer than is absolutely necessary;
  • handled according to people’s data protection rights;
  • kept safe and secure;
  • not transferred outside the European Economic Area without adequate protection.


Various data is held on staff relating to their employment with Safe Start. This will
cover all aspects of recruitment, selection and employment including*:

  • Job application forms
  • Interview assessments
  • References
  • Probationary and annual reviews and supervisions
  • Payroll information: bank details, national insurance number as well as details of any deductions from pay.
  • Sick notes and medical assessments
  • Details of grievance and disciplinary proceedings including current warnings,
    reference requests, etc.
    *This list is not exhaustive


Various data is also kept on the children and young people who utilise the facilities of
Safe Start. These details are obtained by the completion of a short registration form by
parents/carers or self-declarations via self-referral. All the information provided on this
form is confidential and the forms are kept locked at the appropriate centre and are only
available to appropriate staff.

The data on children and young people is obtained in order to allow staff to have
access to contact details and medical information, which may be necessary in the case of
an emergency.

This data may also be used in statistical data reports used for contract compliance and/or funding applications. These reports are authorised and designed to protect an individual’s discrete data.


Much of the data held by Safe Start is, by its nature, highly personal. Safe Start recognises that it
is its duty to safeguard the data by all means possible and to inform interested staff
about what is kept and why, along with information on how the data can be accessed
and by whom.

The data kept on staff is exclusively in relation to their employment with Safe Start; no
unrelated data will be kept. The data kept will be used purely for the purpose of
administrating and managing the employment.

Adequate measures will be taken to safeguard data so as to prevent loss, destruction
or unauthorised disclosure. The more sensitive the data, the greater the measures that
will be taken. The majority of personal data Safe Start collates will be kept in individual
personnel files, which are in turn kept within Safe Start central office.

In order to comply with OFSTED regulations, Line Managers may also need to securely store copies of staff files onsite. There is restricted access to these files and they are kept locked.

Data will not be held for any longer than is necessary, therefore personal data will be
reviewed periodically to check that it is accurate, up to date and to determine whether
retention is still necessary.

Access to staff data is restricted to Management at the appropriate level, to Payroll
staff for any issues specifically relating to pay and to administrative staff (in connection
with file maintenance, employment correspondence etc.). Everyone managing and
handling personal information will be trained to do so.

Safe Start will ensure personal data is not processed except for the purpose(s) for which they were obtained or for a similar purpose. If the new purpose is very different, the data subject’s consent will be obtained.

When data has been earmarked for destruction, appropriate measures will be taken
to ensure that the data cannot be reconstructed and processed by a third party.


To meet Safe Start’s responsibilities, all staff, volunteers and trustees will:

  • Ensure any personal data is collected in a fair and lawful way;
  • Explain why it is needed at the start;
  • Ensure that only the minimum amount of information needed is collected and
  • Ensure the information used is up to date and accurate;
  • Review the length of time information is held;
  • Ensure it is kept safely;
  • Ensure the rights people have in relation to their personal data can be exercised.

All staff, volunteers and trustees are also responsible for:

  • Checking that any information that they provide to Safe Start in connection with their
    employment is accurate and up to date.
  • Informing Safe Start of any changes to information, which they have provided, i.e.
    changes of address.
  • Informing Safe Start of any errors or changes in staff information. Safe Start cannot be held
    responsible for any such errors unless the staff member has informed Safe Start of them.

Staff are entitled to view their own personnel files; to do so they should arrange a
mutually convenient time with central office.

The unlawful obtaining or disclosure of personal data or any other breach of the Data
Protection Act by staff will be treated seriously by Safe Start, in line with its pre-existing
disciplinary procedures and may lead to disciplinary action up to and including dismissal.


Any staff who have concerns regarding the safeguarding of personal data should
inform the appropriate manager, in line with Safe Start’s complaints procedure.

Safe Start will endeavour to answer any queries about handling personal information in a timely manner.