So GDPR came into force on May 25th 2018. As an agency I already kept all nannies/clients data locked securely but I did send CV's and personal data via email. I have never registered nannies or clients using online forms so no need to change things there. I personally meet all my nannies at my home and clients in theirs and we go through the forms then.
So how did GDPR affect me as an agency? Well firstly I needed to tweak my registration forms asking if nannies/clients agreed for me to store their data and also I needed to ask nannies who are already registered this too. So this morning I sent 47 emails to all the nannies previously registered asking for them to inform me if they wish me to destroy their data. I have never stored nannies or clients telephone numbers on my agency phone so I don't have the risk of any data protection issues there. My laptop and emails have a password only known to me and I change this regularly.
So why do I need to hold data? I am an introduction agency so I need to know personal details about people. I hold their data for a legal basis for processing.... its all necessary for a contract. So I enrolled on a workshop and I did my audit and amended my registration forms.
Now what? Well I continue to lock away everyones files and I continue to keep my files updated and destroying files when no longer needed. I took the decision to no longer send C.V's via email as I cant get the hang of encrypting them! So I now send profiles of the nannies to potential families which don't give any data away that could lead them into knowing who the person is
I am registered with ICO and I find their website very useful for whenever I have a query.
GDPR hasn't really impacted on my agency too much its just made me more aware of correct usage of personal data. In fact I think its a positive change.