Child First Trust

Data Protection

At Child First Trust we treat your data with the respect it deserves. We aim to be transparent and informative in all we do. The Child First Data Protection Policy aims to provide a set of guidelines to enable all those involved in Child First Trust to understand:

  • The law regarding personal data
  • How personal data should be processed, stored, archived and deleted/destroyed
  • How staff, associates, parents and pupils can access personal data

From 25 May 2018, organisations that handle personal data were required to meet new legal requirements, as the General Data Protection Regulation came into effect across the EU (replacing the 1995 EU Data Protection Directive).

On the same day, the UK’s Data Protection Bill was passed into law, as the Data Protection Act 2018, effectively implementing the GDPR into UK law.

GDPR and the Data Protection Act 2018, expand the privacy rights granted to data subjects and place greater obligations on organisations such as ourselves who handle the personal data of those individuals (data controllers and processors).

Child First ensured full compliance with the new GDPR prior to its implementation and remains committed to best practice in data protection. Child First Trust will strive to ensure the protection of all information assets within its care. High standards of confidentiality, integrity and availability of information are maintained at all times. A copy of the Child First Privacy Policy can be found HERE

Similarly a copy of the Child First Data Protection Policy can be accessed HERE.

Where associates use their own devices (such as laptops) to carry out their Child First work, they do so in full agreement to the charity’s Child First Bring Your Own Devices Policy

In the event of a data breach Child First commits to following the processes and procedures outlined in our Data Breach Policy. For a copy of this policy, just click HERE.

Should a breach require notification to the Information Commissioner’s Office then the following Child First Security Breach Notification Form will be used.

You may also find it useful to read our Cookies Policy, accessed HERE


Child First Data Protection Audits


Child First Data Audit – Speech and Language

Child First Data Audit – Secondary Counseling

Child First Data Audit – Primary Counseling

Child First Data Audit – FIF Family Support Work

Child First Data Audit – Child First Family Support Work

Child First Data Audit – Member Schools

Child First Data Audit – Associates

Child First Data Audit – Trustees


C and D Speech and Language Services

Child First commissions a company called C and D Independent Speech and Language Services. C and D are the data controllers and data processors on behalf of Child First Trust. A full copy of their Privacy Impact Assessment can be downloaded HERE

The Change Project, Colchester.

The Change Project are commissioned to deliver our 1:1 Primary Counselling Service until 31st July 2018. They are fully compliant with GDPR and have published the following statement in response to this.

The Change Project Documentation of GDPR Compliance (1)

Child First and Microsoft One Drive.

At Child First we use Microsoft One Drive for the storage of all Family Support and Counselling Files. This enables us to securely store and share your data in accordance with your consent.

You can find out more about our use of One Drive from the link below:

Child First and One Drive

In addition, you can access a series of fact sheets and web pages that answer specific questions in regards to Microsoft Cloud Storage.